Novell Database Abstraction Layer merge.
authorKen Raeburn <raeburn@mit.edu>
Tue, 21 Jun 2005 01:36:03 +0000 (01:36 +0000)
committerKen Raeburn <raeburn@mit.edu>
Tue, 21 Jun 2005 01:36:03 +0000 (01:36 +0000)
Will probably break things.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970

118 files changed:
src/ChangeLog
src/aclocal.m4
src/include/krb5/ChangeLog
src/include/krb5/Makefile.in
src/include/krb5/adm.h
src/include/krb5/adm_proto.h
src/include/krb5/kdb.h
src/include/krb5/stock/ChangeLog
src/include/krb5/stock/osconf.h
src/kadmin/cli/ChangeLog
src/kadmin/cli/Makefile.in
src/kadmin/cli/kadmin.c
src/kadmin/dbutil/ChangeLog
src/kadmin/dbutil/Makefile.in
src/kadmin/dbutil/dump.c
src/kadmin/dbutil/kadm5_create.c
src/kadmin/dbutil/kdb5_create.c
src/kadmin/dbutil/kdb5_destroy.c
src/kadmin/dbutil/kdb5_stash.c
src/kadmin/dbutil/kdb5_util.c
src/kadmin/dbutil/kdb5_util.h
src/kadmin/dbutil/ovload.c
src/kadmin/passwd/ChangeLog
src/kadmin/passwd/kpasswd.c
src/kadmin/server/ChangeLog
src/kadmin/server/Makefile.in
src/kadmin/server/misc.c
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/server_stubs.c
src/kadmin/testing/util/ChangeLog
src/kadmin/testing/util/Makefile.in
src/kadmin/testing/util/tcl_kadm5.c
src/kadmin/testing/util/tcl_ovsec_kadm.c
src/kdc/ChangeLog
src/kdc/Makefile.in
src/kdc/main.c
src/krb524/ChangeLog
src/krb524/Makefile.in
src/krb524/krb524d.c
src/lib/ChangeLog
src/lib/Makefile.in
src/lib/kadm5/ChangeLog
src/lib/kadm5/Makefile.in
src/lib/kadm5/admin.h
src/lib/kadm5/admin_xdr.h
src/lib/kadm5/clnt/ChangeLog
src/lib/kadm5/clnt/Makefile.in
src/lib/kadm5/clnt/client_init.c
src/lib/kadm5/clnt/client_principal.c
src/lib/kadm5/clnt/clnt_policy.c
src/lib/kadm5/clnt/clnt_privs.c
src/lib/kadm5/clnt/err_handle.c [new file with mode: 0644]
src/lib/kadm5/clnt/err_handle.h [new file with mode: 0644]
src/lib/kadm5/kadm_err.et
src/lib/kadm5/kadm_rpc.h
src/lib/kadm5/kadm_rpc_xdr.c
src/lib/kadm5/ovsec_glue.c
src/lib/kadm5/server_internal.h
src/lib/kadm5/srv/ChangeLog
src/lib/kadm5/srv/Makefile.in
src/lib/kadm5/srv/adb_free.c [deleted file]
src/lib/kadm5/srv/adb_xdr.c
src/lib/kadm5/srv/server_init.c
src/lib/kadm5/srv/server_kdb.c
src/lib/kadm5/srv/server_misc.c
src/lib/kadm5/srv/svr_iters.c
src/lib/kadm5/srv/svr_policy.c
src/lib/kadm5/srv/svr_principal.c
src/lib/kadm5/unit-test/ChangeLog
src/lib/kadm5/unit-test/Makefile.in
src/lib/kadm5/unit-test/destroy-test.c
src/lib/kadm5/unit-test/handle-test.c
src/lib/kadm5/unit-test/init-test.c
src/lib/kadm5/unit-test/iter-test.c
src/lib/kadm5/unit-test/lock-test.c
src/lib/kadm5/unit-test/randkey-test.c
src/lib/kadm5/unit-test/setkey-test.c
src/lib/kdb/ChangeLog
src/lib/kdb/Makefile.in
src/lib/kdb/adb_err.et [moved from src/lib/kadm5/adb_err.et with 100% similarity]
src/lib/kdb/configure.in
src/lib/kdb/decrypt_key.c
src/lib/kdb/encrypt_key.c
src/lib/kdb/err_handle.c [new file with mode: 0644]
src/lib/kdb/err_handle.h [new file with mode: 0644]
src/lib/kdb/fetch_mkey.c [deleted file]
src/lib/kdb/kdb5.c [new file with mode: 0644]
src/lib/kdb/kdb5.h [new file with mode: 0644]
src/lib/kdb/kdb_cpw.c
src/lib/kdb/kdb_db2/ChangeLog [new file with mode: 0644]
src/lib/kdb/kdb_db2/Makefile.in [new file with mode: 0644]
src/lib/kdb/kdb_db2/adb_openclose.c [moved from src/lib/kadm5/srv/adb_openclose.c with 89% similarity]
src/lib/kdb/kdb_db2/adb_policy.c [moved from src/lib/kadm5/srv/adb_policy.c with 82% similarity]
src/lib/kdb/kdb_db2/configure.in [new file with mode: 0644]
src/lib/kdb/kdb_db2/db2_exp.c [new file with mode: 0644]
src/lib/kdb/kdb_db2/kdb_compat.h [moved from src/lib/kdb/kdb_compat.h with 100% similarity]
src/lib/kdb/kdb_db2/kdb_db2.c [moved from src/lib/kdb/kdb_db2.c with 68% similarity]
src/lib/kdb/kdb_db2/kdb_db2.h [moved from src/lib/kdb/kdb_db2.h with 58% similarity]
src/lib/kdb/kdb_db2/kdb_xdr.c [moved from src/lib/kdb/kdb_xdr.c with 99% similarity]
src/lib/kdb/kdb_db2/kdb_xdr.h [new file with mode: 0644]
src/lib/kdb/kdb_db2/libkdb_db2.exports [new file with mode: 0644]
src/lib/kdb/kdb_db2/pol_xdr.c [new file with mode: 0644]
src/lib/kdb/kdb_db2/policy_db.h [new file with mode: 0644]
src/lib/kdb/kdb_default.c [new file with mode: 0644]
src/lib/kdb/keytab.c
src/lib/kdb/libkdb5.exports
src/lib/kdb/setup_mkey.c [deleted file]
src/lib/kdb/store_mkey.c [deleted file]
src/lib/kdb/t_kdb.c [deleted file]
src/lib/kdb/t_krb5.conf [deleted file]
src/lib/kdb/verify_mky.c [deleted file]
src/lib/krb5.saber.source [deleted file]
src/tests/create/ChangeLog
src/tests/create/Makefile.in
src/tests/create/kdb5_mkdums.c
src/tests/verify/ChangeLog
src/tests/verify/Makefile.in
src/tests/verify/kdb5_verify.c

index 77a2e7d79a93b3899ba0853f7fb3b55f36edb526..3731851e3af5d5f26430854e68167301404207f8 100644 (file)
@@ -1,3 +1,7 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       * aclocal.m4: Novell merge.
+
 2005-06-14  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Check for endian.h.
index cc31641b8fb8ea995c0c3aa8d00dd05165c0fcb1..f3491d220cb529039aee4f611597f58581003998 100644 (file)
@@ -1229,6 +1229,7 @@ else
        OBJLISTS=OBJS.ST
        LIBINSTLIST=install-static
        DEPLIBEXT=$STLIBEXT
+       CFLAGS="$CFLAGS -D_KDB5_STATIC_LINK"
 fi
 
 # Check whether to build shared libraries.
index 8983c767ad11348f4f42531af67a6bc90b9da523..c53c92bbfe39e044000681c941fd36f70d430aca 100644 (file)
@@ -1,3 +1,11 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * adm.h:
+       * adm_proto.h:
+       * kdb.h:
+
 2005-05-13  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in (thisconfigdir, mydir): Updated for configure
index d45d9bfbc2f984516e91dbdd9a12f24a93681c9c..1b8490091fcfbdc89b73e0d60a3ee26d384586ed 100644 (file)
@@ -41,10 +41,13 @@ SYSCONFDIR = @sysconfdir@
 LOCALSTATEDIR = @localstatedir@
 BINDIR = @bindir@
 SBINDIR = @sbindir@
+LIBDIR  = @libdir@
+
 PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \
                  -e "s+@PREFIX+$(INSTALL_PREFIX)+" \
                  -e "s+@EXEC_PREFIX+$(INSTALL_EXEC_PREFIX)+" \
                  -e "s+@BINDIR+$(BINDIR)+" \
+                 -e "s+@LIBDIR+$(LIBDIR)+" \
                  -e "s+@SBINDIR+$(SBINDIR)+" \
        -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \
        -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' 
@@ -66,6 +69,6 @@ clean::
        $(RM) osconf.new $(BUILT_HEADERS)
 
 clean-unix::
-       $(RM) $(ET_HEADERS) autoconf.h autoconf.stamp
+       $(RM) $(ET_HEADERS) autoconf.stamp
 clean-windows::
        $(RM) osconf.h autoconf.h autoconf.stamp
index d7238ace5a6976c197ca0878019223df50950019..86798a8300787815f322f1949ff91886942696dd 100644 (file)
 #define        KRB5_ADM_KT_KEY_KEY     4
 #define        KRB5_ADM_KT_NCOMPS      5
 
-typedef struct __krb5_key_salt_tuple {
-    krb5_enctype       ks_enctype;
-    krb5_int32         ks_salttype;
-} krb5_key_salt_tuple;
-
 /*
  * Data structure returned by krb5_read_realm_params()
  */
index 76e5effaf2418a22a9bf3b20da8e4ab9f9077206..511547903c3aef9691867d7ce716a1139d0935f2 100644 (file)
@@ -44,10 +44,12 @@ typedef struct _krb5_db_entry krb5_db_entry;
 #if !defined(KRB5_ADM_H__) && !defined(__KADM5_ADMIN_H__)
 struct ___krb5_realm_params;
 typedef struct ___krb5_realm_params krb5_realm_params;
+#endif /* KRB5_ADM_H__ */
 
+#ifndef KRB5_KDB5__
 struct ___krb5_key_salt_tuple;
 typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple;
-#endif /* KRB5_ADM_H__ */
+#endif /* KRB5_KDB5__ */
 
 /*
  * Function prototypes.
index fbe2d21ba63e21f9d947c051fcc8057e47444498..c93ac96c41cf362569768eadd5ec17d9fa998329 100644 (file)
@@ -140,6 +140,25 @@ typedef struct _krb5_db_entry_new {
     krb5_key_data       * key_data;            /* Array */
 } krb5_db_entry;
 
+typedef struct _osa_policy_ent_t {
+    int               version;
+    char      *name;
+    krb5_ui_4       pw_min_life;
+    krb5_ui_4       pw_max_life;
+    krb5_ui_4       pw_min_length;
+    krb5_ui_4       pw_min_classes;
+    krb5_ui_4       pw_history_num;
+    krb5_ui_4       policy_refcnt;
+} osa_policy_ent_rec, *osa_policy_ent_t;
+
+typedef       void    (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t);
+
+typedef struct __krb5_key_salt_tuple {
+    krb5_enctype       ks_enctype;
+    krb5_int32         ks_salttype;
+} krb5_key_salt_tuple;
+
+
 #define        KRB5_KDB_MAGIC_NUMBER           0xdbdbdbdb
 #define KRB5_KDB_V1_BASE_LENGTH                38
   
@@ -150,6 +169,7 @@ typedef struct _krb5_db_entry_new {
 #define KRB5_TL_RB1_CHALLENGE          0x0005
 #ifdef SECURID
 #define KRB5_TL_SECURID_STATE           0x0006
+#define KRB5_TL_DB_ARGS                 0x7fff
 #endif /* SECURID */
     
 /*
@@ -165,6 +185,7 @@ typedef struct _krb5_db_entry_new {
 #define KRB5_KDC_MKEY_1        "Enter KDC database master key"
 #define KRB5_KDC_MKEY_2        "Re-enter KDC database master key to verify"
 
+
 extern char *krb5_mkey_pwd_prompt1;
 extern char *krb5_mkey_pwd_prompt2;
 
@@ -194,140 +215,283 @@ extern char *krb5_mkey_pwd_prompt2;
            (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff);   \
        }
 
+#define KRB5_KDB_OPEN_RW                0
+#define KRB5_KDB_OPEN_RO                1
+
+#define KRB5_KDB_OPT_SET_DB_NAME        0
+#define KRB5_KDB_OPT_SET_LOCK_MODE      1
+
+#define KRB5_DB_LOCKMODE_SHARED       0x0001
+#define KRB5_DB_LOCKMODE_EXCLUSIVE    0x0002
+#define KRB5_DB_LOCKMODE_DONTBLOCK    0x0004
+#define KRB5_DB_LOCKMODE_PERMANENT    0x0008
+
 /* libkdb.spec */
-krb5_error_code krb5_db_set_name (krb5_context, char * );
-krb5_error_code krb5_db_init (krb5_context);
-krb5_error_code krb5_db_fini (krb5_context);
-krb5_error_code krb5_db_get_age (krb5_context, char *, time_t * );
-krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 );
-krb5_error_code krb5_db_rename (krb5_context, char *, char * );
-krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal ,
-                                      krb5_db_entry *, int *,
-                                      krb5_boolean * );
-void krb5_db_free_principal (krb5_context, krb5_db_entry *, int  );
-krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * );
-krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal,
-                                         int * );
-krb5_error_code krb5_db_iterate (krb5_context,
-                                krb5_error_code (* ) (krb5_pointer,
-                                                      krb5_db_entry *),
-                                krb5_pointer);
-krb5_error_code krb5_db_iterate_ext (krb5_context,
-                                    krb5_error_code (* ) (krb5_pointer,
-                                                          krb5_db_entry *),
-                                    krb5_pointer, int, int);
-krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, 
-                                          krb5_keyblock *);
-krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal,
-                                   krb5_keyblock *);
-
-krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *, 
-                                        const char *, char **,
-                                        krb5_principal *);
-
-krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *);
-
-krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **);
-krb5_error_code krb5_db_destroy (krb5_context, char * );
-krb5_error_code krb5_db_lock (krb5_context, int );
-krb5_error_code krb5_db_unlock (krb5_context);
-krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean,
-                                        krb5_boolean * );
-krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean);
-krb5_error_code        krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype,
-                                   krb5_boolean, krb5_boolean, char *,
-                                   krb5_data *, 
-                                   krb5_keyblock * );
-
-krb5_error_code krb5_db_open_database (krb5_context);
-krb5_error_code krb5_db_close_database (krb5_context);
-
-krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context,
-                                            const krb5_keyblock *,
-                                            const krb5_keyblock *,
-                                            const krb5_keysalt *,
-                                            int,
-                                            krb5_key_data *);
-krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context,
-                                            const krb5_keyblock *,
-                                            const krb5_key_data *,
-                                            krb5_keyblock *,
-                                            krb5_keysalt *);
-krb5_error_code krb5_dbe_create_key_data (krb5_context,
-                                         krb5_db_entry *);
-krb5_error_code krb5_dbe_update_tl_data (krb5_context,
-                                        krb5_db_entry *,
-                                        krb5_tl_data *);
-krb5_error_code krb5_dbe_lookup_tl_data (krb5_context,
-                                        krb5_db_entry *,
-                                        krb5_tl_data *);
-krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context,
-                                                krb5_db_entry *,
-                                                krb5_timestamp);
-krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context,
-                                                krb5_db_entry *,
-                                                krb5_timestamp *);
-krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context,
-                                               krb5_db_entry *,
-                                               krb5_timestamp,
-                                               krb5_const_principal);
-krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context,
-                                               krb5_db_entry *,
-                                               krb5_timestamp *,
-                                               krb5_principal *);
-int krb5_encode_princ_dbkey (krb5_context, krb5_data  *, krb5_const_principal);
-void krb5_free_princ_dbkey (krb5_context, krb5_data *);
-krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *,
-                                           krb5_db_entry *);
-void krb5_free_princ_contents (krb5_context, krb5_data  *);
-krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data  *,
-                                           krb5_db_entry *);
-void krb5_dbe_free_contents (krb5_context, krb5_db_entry *);
-
-krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *,
-                                      krb5_int32,
-                                      krb5_int32,
-                                      krb5_int32,
-                                      krb5_key_data **);
-
-krb5_error_code krb5_dbe_search_enctype (krb5_context,
-                                        krb5_db_entry *,
-                                        krb5_int32 *,
-                                        krb5_int32,
-                                        krb5_int32,
-                                        krb5_int32,
-                                        krb5_key_data **);
-
-struct __krb5_key_salt_tuple;
-
-krb5_error_code krb5_dbe_cpw (krb5_context,
-                             krb5_keyblock  *,
-                             struct __krb5_key_salt_tuple *,
-                             int,
-                             char *,
-                             int,
-                             krb5_boolean,
-                             krb5_db_entry *);
-krb5_error_code krb5_dbe_apw (krb5_context,
-                             krb5_keyblock  *,
-                             struct __krb5_key_salt_tuple *,
-                             int,
-                             char *,
-                             krb5_db_entry *);
-krb5_error_code krb5_dbe_crk (krb5_context,
-                             krb5_keyblock  *,
-                             struct __krb5_key_salt_tuple *,
-                             int,
-                             krb5_boolean,
-                             krb5_db_entry *);
-krb5_error_code krb5_dbe_ark (krb5_context,
-                             krb5_keyblock  *,
-                             struct __krb5_key_salt_tuple *,
-                             int,
-                             krb5_db_entry *);
-
-krb5_error_code krb5_ser_db_context_init (krb5_context);
+krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode );
+krb5_error_code krb5_db_init  ( krb5_context kcontext );
+krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_inited  ( krb5_context kcontext );
+krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_fini ( krb5_context kcontext );
+const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code );
+krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args );
+krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t );
+krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value );
+krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode );
+krb5_error_code krb5_db_unlock ( krb5_context kcontext );
+krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
+                                       krb5_const_principal search_for,
+                                       krb5_db_entry *entries,
+                                       int *nentries,
+                                       krb5_boolean *more );
+krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
+                                        krb5_db_entry *entry,
+                                        int count );
+krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
+                                       krb5_db_entry *entries,
+                                       int *nentries);
+krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
+                                          krb5_principal search_for,
+                                          int *nentries );
+krb5_error_code krb5_db_iterate ( krb5_context kcontext,
+                                 char *match_entry,
+                                 int (*func) (krb5_pointer, krb5_db_entry *),
+                                 krb5_pointer func_arg );
+krb5_error_code krb5_supported_realms ( krb5_context kcontext,
+                                       char **realms );
+krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
+                                            char **realms );
+krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
+                                            char *pwd,
+                                            krb5_keyblock *key );
+krb5_error_code krb5_db_set_mkey ( krb5_context context, 
+                                  krb5_keyblock *key);
+krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
+                                  krb5_keyblock **key );
+krb5_error_code krb5_db_free_master_key ( krb5_context kcontext,
+                                         krb5_keyblock *key );
+krb5_error_code krb5_db_store_master_key  ( krb5_context kcontext, 
+                                           char *db_arg, 
+                                           krb5_principal mname,
+                                           krb5_keyblock *key,
+                                           char *master_pwd);
+krb5_error_code krb5_db_fetch_mkey  ( krb5_context   context,
+                                     krb5_principal mname,
+                                     krb5_enctype   etype,
+                                     krb5_boolean   fromkeyboard,
+                                     krb5_boolean   twice,
+                                     char          *db_args,
+                                     krb5_data     *salt,
+                                     krb5_keyblock *key);
+krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
+                                           krb5_principal mprinc,
+                                           krb5_keyblock *mkey );
+krb5_error_code
+krb5_dbe_find_enctype( krb5_context    kcontext,
+                      krb5_db_entry    *dbentp,
+                      krb5_int32               ktype,
+                      krb5_int32               stype,
+                      krb5_int32               kvno,
+                      krb5_key_data    **kdatap);
+
+
+krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, 
+                                         krb5_db_entry *dbentp, 
+                                         krb5_int32 *start, 
+                                         krb5_int32 ktype, 
+                                         krb5_int32 stype, 
+                                         krb5_int32 kvno, 
+                                         krb5_key_data **kdatap);
+
+krb5_error_code
+krb5_db_setup_mkey_name ( krb5_context context,
+                         const char *keyname,
+                         const char *realm,
+                         char **fullname,
+                         krb5_principal *principal);
+
+krb5_error_code
+krb5_dbekd_decrypt_key_data( krb5_context        context,
+                            const krb5_keyblock        * mkey,
+                            const krb5_key_data        * key_data,
+                            krb5_keyblock      * dbkey,
+                            krb5_keysalt       * keysalt);
+
+krb5_error_code
+krb5_dbekd_encrypt_key_data( krb5_context                context,
+                            const krb5_keyblock        * mkey,
+                            const krb5_keyblock        * dbkey,
+                            const krb5_keysalt         * keysalt,
+                            int                          keyver,
+                            krb5_key_data              * key_data);
+
+krb5_error_code
+krb5_dbe_lookup_mod_princ_data( krb5_context          context,
+                               krb5_db_entry       * entry,
+                               krb5_timestamp      * mod_time,
+                               krb5_principal      * mod_princ);
  
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change( krb5_context          context,
+                                krb5_db_entry       * entry,
+                                krb5_timestamp   stamp);
+
+krb5_error_code
+krb5_dbe_lookup_tl_data( krb5_context          context,
+                        krb5_db_entry       * entry,
+                        krb5_tl_data        * ret_tl_data);
+
+krb5_error_code
+krb5_dbe_create_key_data( krb5_context          context,
+                         krb5_db_entry       * entry);
+
+
+krb5_error_code
+krb5_dbe_update_mod_princ_data( krb5_context          context,
+                               krb5_db_entry       * entry,
+                               krb5_timestamp        mod_date,
+                               krb5_const_principal  mod_princ);
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change( krb5_context          context,
+                                krb5_db_entry       * entry,
+                                krb5_timestamp   stamp);
+
+void *krb5_db_alloc( krb5_context kcontext,
+                    void *ptr,
+                    size_t size );
+
+void krb5_db_free( krb5_context kcontext,
+                  void *ptr);
+
+
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change( krb5_context          context,
+                                krb5_db_entry       * entry,
+                                krb5_timestamp      * stamp);
+
+krb5_error_code
+krb5_dbe_update_tl_data( krb5_context          context,
+                        krb5_db_entry       * entry,
+                        krb5_tl_data        * new_tl_data);
+
+krb5_error_code
+krb5_dbe_cpw( krb5_context       kcontext,
+             krb5_keyblock       * master_key,
+             krb5_key_salt_tuple       * ks_tuple,
+             int                         ks_tuple_count,
+             char              * passwd,
+             int                         new_kvno,
+             krb5_boolean        keepold,
+             krb5_db_entry     * db_entry);
+
+krb5_error_code
+krb5_dbe_ark( krb5_context       context,
+             krb5_keyblock       * master_key,
+             krb5_key_salt_tuple       * ks_tuple,
+             int                         ks_tuple_count,
+             krb5_db_entry     * db_entry);
+
+krb5_error_code
+krb5_dbe_crk( krb5_context       context,
+             krb5_keyblock       * master_key,
+             krb5_key_salt_tuple       * ks_tuple,
+             int                         ks_tuple_count,
+             krb5_boolean        keepold,
+             krb5_db_entry     * db_entry);
+
+krb5_error_code
+krb5_dbe_apw( krb5_context       context,
+             krb5_keyblock       * master_key,
+             krb5_key_salt_tuple       * ks_tuple,
+             int                         ks_tuple_count,
+             char              * passwd,
+             krb5_db_entry     * db_entry);
+
+
+/* default functions. Should not be directly called */
+/*
+ *   Default functions prototype
+ */
+
+krb5_error_code
+krb5_dbe_def_search_enctype( krb5_context kcontext, 
+                            krb5_db_entry *dbentp, 
+                            krb5_int32 *start, 
+                            krb5_int32 ktype, 
+                            krb5_int32 stype, 
+                            krb5_int32 kvno, 
+                            krb5_key_data **kdatap);
+
+krb5_error_code
+krb5_def_store_mkey( krb5_context context,
+                    char *keyfile,
+                    krb5_principal mname,
+                    krb5_keyblock *key,
+                    char *master_pwd);
+
+
+krb5_error_code
+krb5_db_def_fetch_mkey( krb5_context   context,
+                       krb5_principal mname,
+                       krb5_keyblock *key,
+                       int           *kvno,
+                       char          *db_args);
+
+krb5_error_code
+krb5_def_verify_master_key( krb5_context context,
+                           krb5_principal mprinc,
+                           krb5_keyblock *mkey);
+
+krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
+                                  char *pwd,
+                                  krb5_keyblock *key );
+
+krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
+                                  krb5_keyblock **key );
+
+krb5_error_code
+krb5_dbe_def_cpw( krb5_context   context,
+                 krb5_keyblock       * master_key,
+                 krb5_key_salt_tuple   * ks_tuple,
+                 int                     ks_tuple_count,
+                 char          * passwd,
+                 int                     new_kvno,
+                 krb5_boolean    keepold,
+                 krb5_db_entry * db_entry);
+
+
+krb5_error_code 
+krb5_db_create_policy( krb5_context kcontext, 
+                      osa_policy_ent_t policy);
+
+krb5_error_code 
+krb5_db_get_policy ( krb5_context kcontext, 
+                    char *name, 
+                    osa_policy_ent_t *policy,
+                    int *nentries);
+
+krb5_error_code 
+krb5_db_put_policy( krb5_context kcontext, 
+                   osa_policy_ent_t policy);
+
+krb5_error_code 
+krb5_db_iter_policy( krb5_context kcontext,
+                    char *match_entry,
+                    osa_adb_iter_policy_func func,
+                    void *data);
+
+krb5_error_code 
+krb5_db_delete_policy( krb5_context kcontext, 
+                      char *policy);
+
+void 
+krb5_db_free_policy( krb5_context kcontext, 
+                    osa_policy_ent_t policy);
+
+void krb5_db_clr_error(void);
+
 #define KRB5_KDB_DEF_FLAGS     0
 
 #endif /* !defined(_WIN32) */
index b4fb69db60315dc008087f598df02d6ca1033891..34c37656dac3155e471986dfcd38ad02c05ea494 100644 (file)
@@ -1,3 +1,8 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * osconf.h:
+
 2004-07-09  Jeffrey Altman <jaltman@mit.edu>
 
     * osconf.h: !!define -> !define
index 6c6c6cd3ad320054d4b1b34ade3a1b839da88ad5..7fff64b96ffbd4f7707e65f0ba1888f0b3d5a585 100644 (file)
@@ -63,6 +63,7 @@
 /* Location of KDC profile */
 #define        DEFAULT_KDC_PROFILE     "@LOCALSTATEDIR/krb5kdc/kdc.conf"
 #define        KDC_PROFILE_ENV         "KRB5_KDC_PROFILE"
+#define DEFAULT_KDB_LIB_PATH        { "/usr/lib/kerbdb", "@LIBDIR/kerbdb", NULL }
 
 #define        DEFAULT_KDC_ENCTYPE     ENCTYPE_DES3_CBC_SHA1
 #define KDCRCACHE              "dfl:krb5kdc_rcache"
index 1e2ef44f03384e54e1e7eb1f4aa6a5ff4e96ada4..d94a5583564f81413cc85566e0db259998992512 100644 (file)
@@ -1,3 +1,9 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * kadmin.c:
+
 2005-02-11  Tom Yu  <tlyu@mit.edu>
 
        * kadmin.c (kadmin_startup): New flag "-N" to prevent fallback to
index d1b9b9bf02ebaa2389001316f7382d30a391497d..992f6ef736888b4e9e7f44f0a7d45ad5846dd2ca 100644 (file)
@@ -4,6 +4,7 @@ mydir=cli
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
+KDB_DEP_LIB=-ldl -lpthread
 
 PROG = kadmin
 OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o
@@ -13,7 +14,7 @@ LOCALINCLUDES=-I$(srcdir)
 all:: $(PROG).local $(PROG)
 
 $(PROG).local: $(OBJS) $(SS_DEPLIB) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-       $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+       $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 $(PROG): $(OBJS) $(SS_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o $(PROG) $(OBJS) $(SS_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
index 957659dad77ad65cca5eafddd49e0c639a43f325..b4a0ee7089ec56cbcf21f24263959a984faf41e6 100644 (file)
@@ -26,6 +26,7 @@
  */
 
 #include <krb5.h>
+#include <k5-int.h>
 #include <kadm5/admin.h>
 #include <krb5/adm_proto.h>
 #include <stdio.h>
@@ -96,9 +97,12 @@ int locked = 0;
 static void usage()
 {
     fprintf(stderr,
-        "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
-    "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
-        "\tlocal args: [-d dbname] [-e \"enc:salt ...\"] [-m]\n", whoami);
+           "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n"
+           "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n"
+           "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n"
+           "where,\n\t[-x db_args]* - any number of database specific arguments.\n"
+           "\t\t\tLook at each database documentation for supported arguments\n",
+           whoami);
     exit(1);
 }
 
@@ -183,6 +187,9 @@ char *kadmin_startup(argc, argv)
     krb5_ccache cc;
     krb5_principal princ;
     kadm5_config_params params;
+    char **db_args = NULL;
+    int db_args_size = 0;
+    char *db_name = NULL;
     char *svcname;
 
     memset((char *) &params, 0, sizeof(params));
@@ -193,8 +200,25 @@ char *kadmin_startup(argc, argv)
         exit(1);
     }
                     
-    while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
+    while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
        switch (optchar) {
+       case 'x':
+         db_args_size++;
+         {
+           char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+           if( temp == NULL )
+             {
+               fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
+                       argv[0]);
+               exit(1);
+             }
+
+           db_args = temp;
+         }
+         db_args[db_args_size-1] = optarg;
+         db_args[db_args_size]   = NULL;
+         break;
+         
        case 'r':
            def_realm = optarg;
            break;
@@ -217,8 +241,33 @@ char *kadmin_startup(argc, argv)
            query = optarg;
            break;
         case 'd':
-           params.dbname = optarg;
-           params.mask |= KADM5_CONFIG_DBNAME;
+           /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
+           if( !db_name )
+           {
+               db_name = malloc( strlen(optarg) + sizeof("dbname="));
+           } 
+           else
+           {
+               db_name = realloc( db_name, strlen(optarg) + sizeof("dbname="));
+           }
+
+           strcpy( db_name, "dbname=");
+           strcat( db_name, optarg );
+
+           db_args_size++;
+           {
+               char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
+                           argv[0]);
+                   exit(1);
+               }
+
+               db_args = temp;
+           }
+           db_args[db_args_size-1] = db_name;
+           db_args[db_args_size]   = NULL;
            break;
         case 's':
            params.admin_server = optarg;
@@ -417,6 +466,7 @@ char *kadmin_startup(argc, argv)
                                        &params,
                                        KADM5_STRUCT_VERSION,
                                        KADM5_API_VERSION_2,
+                                       db_args,
                                        &handle);
     } else if (use_keytab) {
         if (keytab_name)
@@ -430,6 +480,7 @@ char *kadmin_startup(argc, argv)
                                       &params,
                                       KADM5_STRUCT_VERSION,
                                       KADM5_API_VERSION_2,
+                                      db_args,
                                       &handle);
     } else {
         printf("Authenticating as principal %s with password.\n",
@@ -439,6 +490,7 @@ char *kadmin_startup(argc, argv)
                                           &params,
                                           KADM5_STRUCT_VERSION,
                                           KADM5_API_VERSION_2,
+                                          db_args,
                                           &handle);
     }
     if (retval) {
@@ -451,6 +503,12 @@ char *kadmin_startup(argc, argv)
     if (freeprinc)
        free(princstr);
 
+    if( db_name )
+       free(db_name), db_name=NULL;
+
+    if( db_args )
+       free(db_args), db_args=NULL;
+
     if ((retval = krb5_cc_close(context, cc))) {
         com_err(whoami, retval, "while closing ccache %s",
                 ccache_name);
@@ -588,11 +646,36 @@ void kadmin_cpw(argc, argv)
     krb5_boolean keepold = FALSE;
     krb5_key_salt_tuple *ks_tuple = NULL;
     krb5_principal princ;
+    char **db_args = NULL;
+    int db_args_size = 0;
+
     
     if (argc < 2) {
         goto usage;
     }
     for (argv++, argc--; argc > 1; argc--, argv++) {
+       if (!strcmp("-x", *argv)) {
+           argc--;
+           if( argc < 1 ) {
+               fprintf( stderr, "change_password: missing db argument\n");
+               goto usage;
+           }
+           db_args_size++;
+           {
+               char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   fprintf(stderr,"change_password: Not enough memory\n");
+                   free( db_args ), db_args = NULL;
+                   exit(1);
+               }
+
+               db_args = temp;
+           }
+           db_args[db_args_size-1] = *++argv;
+           db_args[db_args_size]   = NULL;
+           continue;
+       }
        if (!strcmp("-pw", *argv)) {
            argc--;
            if (argc < 1) {
@@ -633,6 +716,7 @@ void kadmin_cpw(argc, argv)
        com_err("change_password", retval, "while parsing principal name");
        if (ks_tuple != NULL)
            free(ks_tuple);
+       if( db_args ) free(db_args);
        return;
     }
     retval = krb5_unparse_name(context, princ, &canon);
@@ -641,6 +725,7 @@ void kadmin_cpw(argc, argv)
        krb5_free_principal(context, princ);
        if (ks_tuple != NULL)
            free(ks_tuple);
+       if( db_args ) free(db_args);
        return;
     }
     if (pwarg != NULL) {
@@ -657,10 +742,12 @@ void kadmin_cpw(argc, argv)
            com_err("change_password", retval,
                    "while changing password for \"%s\".", canon);
            free(canon);
+           if( db_args ) free(db_args);
            return;
        }
        printf("Password for \"%s\" changed.\n", canon);
        free(canon);
+       if( db_args ) free(db_args);
        return;
     } else if (randkey) {
        if (keepold || ks_tuple != NULL) {
@@ -677,10 +764,12 @@ void kadmin_cpw(argc, argv)
            com_err("change_password", retval,
                    "while randomizing key for \"%s\".", canon);
            free(canon);
+           if( db_args ) free(db_args);
            return;
        }
        printf("Key for \"%s\" randomized.\n", canon);
        free(canon);
+       if( db_args ) free(db_args);
        return;
     } else if (argc == 1) {
        unsigned int i = sizeof (newpw) - 1;
@@ -699,6 +788,7 @@ void kadmin_cpw(argc, argv)
            if (ks_tuple != NULL)
                free(ks_tuple);
            krb5_free_principal(context, princ);
+           if( db_args ) free(db_args);
            return;
        }
        if (keepold || ks_tuple != NULL) {
@@ -716,15 +806,18 @@ void kadmin_cpw(argc, argv)
            com_err("change_password", retval,
                    "while changing password for \"%s\".", canon);
            free(canon);
+           if( db_args ) free(db_args);
            return;
        }
        printf("Password for \"%s\" changed.\n", canon);
        free(canon);
+       if( db_args ) free(db_args);
        return;
    } else {
        free(canon);
        krb5_free_principal(context, princ);
    usage:
+       if( db_args ) free(db_args);
        if (ks_tuple != NULL)
            free(ks_tuple);
        fprintf(stderr,
@@ -735,6 +828,27 @@ void kadmin_cpw(argc, argv)
    }
 }
 
+static void
+kadmin_free_tl_data( kadm5_principal_ent_t princ )
+{
+    krb5_tl_data *tl_data = princ->tl_data;
+    int n_tl_data         = princ->n_tl_data;
+    int i;
+
+    princ->n_tl_data = 0;
+    princ->tl_data   = NULL;
+
+    for( i = 0; tl_data && (i < n_tl_data); i++ )
+    {
+       krb5_tl_data *next = tl_data->tl_data_next;
+       if( tl_data->tl_data_contents )
+           free( tl_data->tl_data_contents );
+       free( tl_data );
+       tl_data = next;
+    }
+}
+
+#define KRB5_TL_DB_ARGS 0x7fff
 static int 
 kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
                        ks_tuple, n_ks_tuple, caller)
@@ -752,6 +866,7 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
     time_t date;
     time_t now;
     krb5_error_code retval;
+    krb5_tl_data *tl_data, *tail = NULL;
     
     *mask = 0;
     *pass = NULL;
@@ -761,6 +876,42 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey,
     *randkey = 0;
     for (i = 1; i < argc - 1; i++) {
        attrib_set = 0;
+       if (strlen(argv[i]) == 2 &&
+           !strcmp("-x",argv[i])) {
+           if (++i > argc - 2)
+               return -1;
+
+           tl_data = malloc( sizeof(krb5_tl_data) );
+           if( tl_data == NULL )
+           {
+               fprintf(stderr, "Not enough memory\n");
+               return ENOMEM;
+           }
+
+           memset( tl_data, 0, sizeof(krb5_tl_data));
+           tl_data->tl_data_type = KRB5_TL_DB_ARGS;
+           tl_data->tl_data_length  = strlen(argv[i])+1;
+           tl_data->tl_data_contents = strdup(argv[i]);
+
+           if( tail )
+           {
+               tail->tl_data_next = tl_data;
+           }
+           else
+           {
+               oprinc->tl_data = tl_data;
+           }
+           tail = tl_data;
+           oprinc->n_tl_data++;
+           
+           if( tl_data->tl_data_contents == NULL )
+           {
+               fprintf(stderr, "Not enough memory\n");
+               return ENOMEM;
+           }
+           *mask |= KADM5_TL_DATA;
+           continue;
+       }
        if (strlen(argv[i]) == 7 &&
            !strcmp("-expire", argv[i])) {
            if (++i > argc - 2)
@@ -920,12 +1071,14 @@ kadmin_addprinc_usage(func)
 {
      fprintf(stderr, "usage: %s [options] principal\n", func);
      fprintf(stderr, "\toptions are:\n");
-     fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n");
+     fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n");
      fprintf(stderr, "\tattributes are:\n");
      fprintf(stderr, "%s%s%s",
             "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
             "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-            "\t\trequires_hwauth needchange allow_svr password_changing_service\n");
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n");
 }
 
 static void 
@@ -934,12 +1087,15 @@ kadmin_modprinc_usage(func)
 {
      fprintf(stderr, "usage: %s [options] principal\n", func);
      fprintf(stderr, "\toptions are:\n");
-     fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
+     fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n");
      fprintf(stderr, "\tattributes are:\n");
      fprintf(stderr, "%s%s%s",
             "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n",
             "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n",
-            "\t\trequires_hwauth needchange allow_svr password_changing_service\n");
+            "\t\trequires_hwauth needchange allow_svr password_changing_service\n"
+            "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n"
+            );
 }
 
 void kadmin_addprinc(argc, argv)
@@ -970,7 +1126,8 @@ void kadmin_addprinc(argc, argv)
                                &princ, &mask, &pass, &randkey,
                                &ks_tuple, &n_ks_tuple,
                                "add_principal")) {
-        kadmin_addprinc_usage("add_principal");
+        kadmin_addprinc_usage("add_principal"); 
+        kadmin_free_tl_data( &princ ); /* need to free ks_tuple also??? */
         return;
     }
 
@@ -981,6 +1138,7 @@ void kadmin_addprinc(argc, argv)
        krb5_free_principal(context, princ.principal);
        if (ks_tuple != NULL)
            free(ks_tuple);
+       kadmin_free_tl_data( &princ );
        return;
     }
 
@@ -1025,6 +1183,7 @@ void kadmin_addprinc(argc, argv)
                    "while reading password for \"%s\".", canon);
            free(canon);
            krb5_free_principal(context, princ.principal);
+           kadmin_free_tl_data( &princ );
            return;
        }
        pass = newpw;
@@ -1043,6 +1202,7 @@ void kadmin_addprinc(argc, argv)
        free(canon);
        if (ks_tuple != NULL)
            free(ks_tuple);
+       kadmin_free_tl_data( &princ );
        return;
     }
     if (randkey) {             /* more special stuff for -randkey */
@@ -1062,6 +1222,7 @@ void kadmin_addprinc(argc, argv)
            free(canon);
            if (ks_tuple != NULL)
                free(ks_tuple);
+           kadmin_free_tl_data( &princ );
            return;
        }
        princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */
@@ -1074,6 +1235,7 @@ void kadmin_addprinc(argc, argv)
            free(canon);
            if (ks_tuple != NULL)
                free(ks_tuple);
+           kadmin_free_tl_data( &princ );
            return;
        }
     }
@@ -1082,6 +1244,8 @@ void kadmin_addprinc(argc, argv)
     if (ks_tuple != NULL)
        free(ks_tuple);
     free(canon);
+    kadmin_free_tl_data( &princ );
+
 }
 
 void kadmin_modprinc(argc, argv)
@@ -1137,17 +1301,20 @@ void kadmin_modprinc(argc, argv)
        free(ks_tuple);
        kadmin_modprinc_usage("modify_principal");
        free(canon);
+       kadmin_free_tl_data(&princ);
        return;
     }
     if (retval) {
        kadmin_modprinc_usage("modify_principal");
        free(canon);
+       kadmin_free_tl_data(&princ);
        return;
     }
     if (randkey) {
        fprintf(stderr, "modify_principal: -randkey not allowed\n");
        krb5_free_principal(context, princ.principal);
        free(canon);
+       kadmin_free_tl_data(&princ);
        return;
     }
     if (pass) {
@@ -1155,6 +1322,7 @@ void kadmin_modprinc(argc, argv)
                "modify_principal: -pw not allowed; use change_password\n");
        krb5_free_principal(context, princ.principal);
        free(canon);
+       kadmin_free_tl_data(&princ);
        return;
     }
     retval = kadm5_modify_principal(handle, &princ, mask);
@@ -1163,9 +1331,11 @@ void kadmin_modprinc(argc, argv)
        com_err("modify_principal", retval,
                "while modifying \"%s\".", canon);
        free(canon);
+       kadmin_free_tl_data(&princ);
        return;
     }
     printf("Principal \"%s\" modified.\n", canon);
+    kadmin_free_tl_data(&princ);
     free(canon);
 }
 
index 374052d4feebf65669c838784cf1cf2f88b1bffd..dae3be477ccd32ec16200f7a1e84ea0d362b489f 100644 (file)
@@ -1,3 +1,16 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * dump.c:
+       * kadm5_create.c:
+       * kdb5_create.c:
+       * kdb5_destroy.c:
+       * kdb5_stash.c:
+       * kdb5_util.c:
+       * kdb5_util.h:
+       * ovload.c:
+
 2004-08-27  Ken Raeburn  <raeburn@mit.edu>
 
        * loadv4.c (enter_in_v5_db): Terminate argument list of
index 34569f23d0185cc37b41fb018073be26ce12c985..6f1fae6278622b0329bb7c6a221082b016eb8d27 100644 (file)
@@ -6,16 +6,20 @@ DEFINES = -DKDB4_DISABLE
 LOCALINCLUDES = -I. @KRB4_INCLUDES@ 
 PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
 PROG_RPATH=$(KRB5_LIBDIR)
+KDB_DEP_LIB=-ldl -lpthread
 
 PROG = kdb5_util
-OBJS   = kdb5_util.o dump.o dumpv4.o loadv4.o \
-       kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \
-       kdb5_destroy.o ovload.o import_err.o strtok.o
+###OBJS        = kdb5_util.o dump.o dumpv4.o loadv4.o \
+###    kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \
+###    kdb5_destroy.o ovload.o import_err.o strtok.o
+###
+
+OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o
 
 all:: $(PROG)
 
 $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
-       $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
+       $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS)
 
 import_err.c import_err.h: $(srcdir)/import_err.et
 
index 8dee427c748306586ed31642e1c4e3b0d9b59ecc..74f2cde68b08d5bdb59c46cc9e1a875a06a5276c 100644 (file)
@@ -30,7 +30,8 @@
 #include <stdio.h>
 #include <k5-int.h>
 #include <kadm5/admin.h>
-#include <kadm5/adb.h>
+#include <kadm5/server_internal.h>
+#include <krb5/kdb.h>
 #include <com_err.h>
 #include "kdb5_util.h"
 #if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP)
@@ -91,15 +92,15 @@ typedef krb5_error_code (*dump_func)(krb5_pointer,
                                     krb5_db_entry *);
 
 static int process_k5beta_record (char *, krb5_context,
-                                 FILE *, int, int *, void *);
+                                 FILE *, int, int *);
 static int process_k5beta6_record (char *, krb5_context,
-                                  FILE *, int, int *, void *);
+                                  FILE *, int, int *);
 static int process_k5beta7_record (char *, krb5_context,
-                                  FILE *, int, int *, void *);
+                                  FILE *, int, int *);
 static int process_ov_record (char *, krb5_context,
-                             FILE *, int, int *, void *);
+                             FILE *, int, int *);
 typedef krb5_error_code (*load_func)(char *, krb5_context,
-                                    FILE *, int, int *, void *);
+                                    FILE *, int, int *);
 
 typedef struct _dump_version {
      char *name;
@@ -145,7 +146,7 @@ dump_version ov_version = {
      1,
      dump_ov_princ,
      dump_k5beta7_policy,
-     process_ov_record,
+     process_ov_record
 };
 
 dump_version r1_3_version = {
@@ -960,7 +961,7 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb)
                  tl_data.tl_data_length, XDR_DECODE);
     if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) {
         xdr_destroy(&xdrs);
-        return(OSA_ADB_XDR_FAILURE);
+        return(KADM5_XDR_FAILURE);
     }
     xdr_destroy(&xdrs);
     
@@ -1021,7 +1022,6 @@ dump_db(argc, argv)
     dump_version       *dump;
     int                        aindex;
     krb5_boolean       locked;
-    extern osa_adb_policy_t policy_db;
     char               *new_mkey_file = 0;
        
     /*
@@ -1080,7 +1080,7 @@ dump_db(argc, argv)
      * Make sure the database is open.  The policy database only has
      * to be opened if we try a dump that uses it.
      */
-    if (!dbactive || (dump->dump_policy != NULL && policy_db == NULL)) {
+    if (!dbactive) {
        com_err(argv[0], 0, Err_no_database);
        exit_status++;
        return;
@@ -1174,17 +1174,17 @@ dump_db(argc, argv)
        if (dump->header[strlen(dump->header)-1] != '\n')
             fputc('\n', arglist.ofile);
        
-       if ((kret = krb5_db_iterate_ext(util_context,
-                                       dump->dump_princ,
-                                       (krb5_pointer) &arglist,
-                                       backwards, recursive))) {
+       if ((kret = krb5_db_iterate(util_context,
+                                   NULL,
+                                   dump->dump_princ,
+                                   (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */
             fprintf(stderr, dumprec_err,
                     programname, dump->name, error_message(kret));
             exit_status++;
        }
        if (dump->dump_policy &&
-           (kret = osa_adb_iter_policy(policy_db, dump->dump_policy,
-                                       &arglist))) { 
+           (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy,
+                                        &arglist))) { 
             fprintf(stderr, dumprec_err, programname, dump->name,
                     error_message(kret));
             exit_status++;
@@ -1363,13 +1363,12 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change)
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
-process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
+process_k5beta_record(fname, kcontext, filep, verbose, linenop)
     char               *fname;
     krb5_context       kcontext;
     FILE               *filep;
     int                        verbose;
     int                        *linenop;
-   void *pol_db;
 {
     int                        nmatched;
     int                        retval;
@@ -1664,13 +1663,12 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db)
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
-process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db)
+process_k5beta6_record(fname, kcontext, filep, verbose, linenop)
     char               *fname;
     krb5_context       kcontext;
     FILE               *filep;
     int                        verbose;
     int                        *linenop;
-   void *pol_db;
 {
     int                        retval;
     krb5_db_entry      dbentry;
@@ -1948,9 +1946,9 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)
         return 1;
     }
 
-    if ((ret = osa_adb_create_policy(pol_db, &rec))) {
-        if (ret == OSA_ADB_DUP &&
-            ((ret = osa_adb_put_policy(pol_db, &rec)))) {
+    if ((ret = krb5_db_create_policy(kcontext, &rec))) {
+        if (ret &&
+            ((ret = krb5_db_put_policy(kcontext, &rec)))) {
              fprintf(stderr, "cannot create policy on line %d: %s\n",
                      *linenop, error_message(ret));
              return 1;
@@ -1968,13 +1966,12 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db)
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
-process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db)
+process_k5beta7_record(fname, kcontext, filep, verbose, linenop)
     char               *fname;
     krb5_context       kcontext;
     FILE               *filep;
     int                        verbose;
     int                        *linenop;
-   void *pol_db;
 {
      int nread;
      char rectype[100];
@@ -1986,10 +1983,10 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db)
          return 1;
      if (strcmp(rectype, "princ") == 0)
          process_k5beta6_record(fname, kcontext, filep, verbose,
-                                linenop, pol_db);
+                                linenop);
      else if (strcmp(rectype, "policy") == 0)
          process_k5beta7_policy(fname, kcontext, filep, verbose,
-                                linenop, pol_db);
+                                linenop);
      else {
          fprintf(stderr, "unknown record type \"%s\" on line %d\n",
                  rectype, *linenop);
@@ -2005,13 +2002,12 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db)
  * Returns -1 for end of file, 0 for success and 1 for failure.
  */
 static int
-process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db)
+process_ov_record(fname, kcontext, filep, verbose, linenop)
     char               *fname;
     krb5_context       kcontext;
     FILE               *filep;
     int                        verbose;
     int                        *linenop;
-   void *pol_db;
 {
      int nread;
      char rectype[100];
@@ -2023,10 +2019,10 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db)
          return 1;
      if (strcmp(rectype, "princ") == 0)
          process_ov_principal(fname, kcontext, filep, verbose,
-                              linenop, pol_db);
+                              linenop);
      else if (strcmp(rectype, "policy") == 0)
          process_k5beta7_policy(fname, kcontext, filep, verbose,
-                                linenop, pol_db);
+                                linenop);
      else if (strcmp(rectype, "End") == 0)
          return -1;
      else {
@@ -2042,14 +2038,13 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db)
  * restore_dump()      - Restore the database from any version dump file.
  */
 static int
-restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db)
+restore_dump(programname, kcontext, dumpfile, f, verbose, dump)
     char               *programname;
     krb5_context       kcontext;
     char               *dumpfile;
     FILE               *f;
     int                        verbose;
     dump_version       *dump;
-    osa_adb_policy_t   pol_db;
 {
     int                error;  
     int                lineno;
@@ -2064,8 +2059,7 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db)
                                          kcontext, 
                                          f,
                                          verbose,
-                                         &lineno,
-                                         pol_db)))
+                                         &lineno)))
         ;
     if (error != -1)
         fprintf(stderr, err_line_fmt, programname, lineno, dumpfile);
@@ -2085,7 +2079,6 @@ load_db(argc, argv)
     char       **argv;
 {
     kadm5_config_params newparams;
-    osa_adb_policy_t   tmppol_db;
     krb5_error_code    kret;
     krb5_context       kcontext;
     FILE               *f;
@@ -2115,7 +2108,6 @@ load_db(argc, argv)
     crflags = KRB5_KDB_CREATE_BTREE;
     exit_status = 0;
     dbname_tmp = (char *) NULL;
-    tmppol_db = NULL;
     for (aindex = 1; aindex < argc; aindex++) {
        if (!strcmp(argv[aindex], oldoption))
             load = &old_version;
@@ -2130,7 +2122,21 @@ load_db(argc, argv)
        else if (!strcmp(argv[aindex], updateoption))
            update = 1;
        else if (!strcmp(argv[aindex], hashoption))
-           crflags = KRB5_KDB_CREATE_HASH;
+       {
+           db5util_db_args_size++;
+           {
+               char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   com_err(progname, ENOMEM, "while parsing command arguments\n");
+                   exit(1);
+               }
+
+               db5util_db_args = temp;
+           }
+           db5util_db_args[db5util_db_args_size-1] = "hash=true";
+           db5util_db_args[db5util_db_args_size]   = NULL;
+       }
        else
            break;
     }
@@ -2159,6 +2165,14 @@ load_db(argc, argv)
        return;
     }
 
+    if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) )
+    {
+       fprintf(stderr, "%s: Unable to set the default realm\n", programname);
+       free(dbname_tmp);
+       exit_status++;
+       return;
+    }
+
     /*
      * Open the dumpfile
      */
@@ -2221,7 +2235,7 @@ load_db(argc, argv)
 
     /*
      * Cons up params for the new databases.  If we are not in update
-     * mode use a temp name that we'll rename later.
+     * mode, we dont create tmp file and then move it to final place. As it is dependent on DB type, this is not done
      */
     newparams = global_params;
     if (! update) {
@@ -2238,105 +2252,67 @@ load_db(argc, argv)
     }
     
     /*
-     * If not an update restoration, create the temp database.  Always
-     * create a temp policy db, even if we are not loading a dump file
-     * with policy info, because they may be loading an old dump
-     * intending to use it with the new kadm5 system.
+     * If not an update restoration, create the database. otherwise open
      */
-    if (!update && ((kret = krb5_db_create(kcontext, dbname_tmp, crflags)))) {
-        fprintf(stderr, dbcreaterr_fmt,
-                programname, dbname_tmp, error_message(kret));
-        exit_status++;
-        kadm5_free_config_params(kcontext, &newparams);
-        if (dumpfile) fclose(f);
-        return;
-    }
-    if (!update && (kret = osa_adb_create_policy_db(&newparams))) {
-        fprintf(stderr, "%s: %s while creating policy database\n",
-                programname, error_message(kret));
-        exit_status++;
-        kadm5_free_config_params(kcontext, &newparams);
-        if (dumpfile) fclose(f);
-        return;
+    if (!update) {
+       if((kret = krb5_db_create(kcontext, db5util_db_args))) {
+           fprintf(stderr, dbcreaterr_fmt,
+                   programname, dbname, error_message(kret));
+           exit_status++;
+           kadm5_free_config_params(kcontext, &newparams);
+           if (dumpfile) fclose(f);
+           return;
+       }
     }
-
+    else
     /*
-     * Point ourselves at the new databases.
+     * Initialize the database.
      */
-    if ((kret = krb5_db_set_name(kcontext,
-                               (update) ? dbname : dbname_tmp))) {
-        fprintf(stderr, dbname_err_fmt,
-                programname, 
-                (update) ? dbname : dbname_tmp, error_message(kret));
-        exit_status++;
-        goto error;
-    }
-    if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) {
-        fprintf(stderr, "%s: %s while opening policy database\n",
-                programname, error_message(kret));
-        exit_status++;
-        goto error;
+    if ((kret = krb5_db_open(kcontext, db5util_db_args, KRB5_KDB_OPEN_RW))) {
+       fprintf(stderr, dbinit_err_fmt,
+               programname, error_message(kret));
+       exit_status++;
+       goto error;
     }
+
+
     /*
      * If an update restoration, make sure the db is left unusable if
      * the update fails.
      */
-    if (update) {
-        if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) {
-             fprintf(stderr, "%s: %s while permanently locking database\n",
-                     programname, error_message(kret));
-             exit_status++;
-             goto error;
-        }
-    }
-                     
-    /*
-     * Initialize the database.
-     */
-    if ((kret = krb5_db_init(kcontext))) {
-        fprintf(stderr, dbinit_err_fmt,
-                programname, error_message(kret));
-        exit_status++;
-        goto error;
-    }
-    /* 
-     * grab an extra lock, since there are no other users
-     */
-    if (!update) {
-        kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
-        if (kret) {
-                fprintf(stderr, dblock_err_fmt,
-                        programname, error_message(kret));
-                exit_status++;
-                goto error;
-        }
+    if ((kret = krb5_db_lock(kcontext, update?KRB5_DB_LOCKMODE_PERMANENT: KRB5_DB_LOCKMODE_EXCLUSIVE))) {
+       fprintf(stderr, "%s: %s while permanently locking database\n",
+               programname, error_message(kret));
+       exit_status++;
+       goto error;
     }
     
     if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name,
-                    f, verbose, load, tmppol_db)) {
+                    f, verbose, load)) {
         fprintf(stderr, restfail_fmt,
                 programname, load->name);
         exit_status++;
     }
 
-    if (!update && (kret = krb5_db_unlock(kcontext))) {
+    if (!update && load->create_kadm5 &&
+       ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
+        /* error message printed by create_magic_princs */
+        exit_status++;
+    }
+    
+    if ((kret = krb5_db_unlock(kcontext))) {
         /* change this error? */
         fprintf(stderr, dbunlockerr_fmt,
-                programname, dbname_tmp, error_message(kret));
+                programname, dbname, error_message(kret));
         exit_status++;
     }
+
     if ((kret = krb5_db_fini(kcontext))) {
         fprintf(stderr, close_err_fmt,
                 programname, error_message(kret));
         exit_status++;
     }
 
-    if (!update && load->create_kadm5 &&
-       ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) {
-        /* error message printed by create_magic_princs */
-        exit_status++;
-    }
-    
     /* close policy db below */
 
 error:
@@ -2348,54 +2324,11 @@ error:
      */
     if (!update) {
         if (exit_status) {
-             if ((kret = krb5_db_destroy(kcontext, dbname_tmp))) {
+             if ((kret = krb5_db_destroy(kcontext, db5util_db_args))) {
                   fprintf(stderr, dbdelerr_fmt,
-                          programname, dbname_tmp, error_message(kret));
-                  exit_status++;
-             }
-             if ((kret = osa_adb_destroy_policy_db(&newparams))) {
-                  fprintf(stderr, "%s: %s while destroying policy database\n",
-                          programname, error_message(kret));
-                  exit_status++;
-             }
-        }
-        else {
-             if ((kret = krb5_db_rename(kcontext,
-                                        dbname_tmp,
-                                        dbname))) {
-                  fprintf(stderr, dbrenerr_fmt,
-                          programname, dbname_tmp, dbname,
-                          error_message(kret));
-                  exit_status++;
-             } 
-
-             if ((kret = osa_adb_close_policy(tmppol_db))) {
-                  fprintf(stderr, close_err_fmt,
-                          programname, error_message(kret));
+                          programname, dbname, error_message(kret));
                   exit_status++;
              }
-
-             if ((kret = osa_adb_rename_policy_db(&newparams,
-                                                  &global_params))) {
-                  fprintf(stderr,
-                          "%s: %s while renaming policy db %s to %s\n",
-                          programname, error_message(kret),
-                          newparams.admin_dbname,
-                          global_params.admin_dbname);
-                  exit_status++;
-             }
-        }
-    } else /* update */ {
-        if (! exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) {
-             fprintf(stderr, "%s: %s while releasing permanent lock\n",
-                     programname, error_message(kret));
-             exit_status++;
-        }
-
-        if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) {
-             fprintf(stderr, close_err_fmt,
-                     programname, error_message(kret));
-             exit_status++;
         }
     }
 
index 9ed6459e0413554725fbd03f5e56e59199e45d2a..a9a9df0cdb87bbdf3feb3b39cdb051813b376ef9 100644 (file)
@@ -35,7 +35,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <kadm5/adb.h>
+#include <k5-int.h>
+#include <krb5/kdb.h>
 #include <kadm5/admin.h>
 #include <krb5/adm_proto.h>
 
@@ -85,11 +86,6 @@ int kadm5_create(kadm5_config_params *params)
          return 1;
      }
 
-     if ((retval = osa_adb_create_policy_db(&lparams))) {
-         com_err(progname, retval, str_CREATING_POLICY_DB);
-         return 1;
-     }
-
      retval = kadm5_create_magic_princs(&lparams, context);
 
      kadm5_free_config_params(context, &lparams);
@@ -110,6 +106,7 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
      if ((retval = kadm5_init(progname, NULL, NULL, params,
                              KADM5_STRUCT_VERSION,
                              KADM5_API_VERSION_2,
+                             db5util_db_args,
                              &handle))) {
          com_err(progname, retval, "while initializing the Kerberos admin interface");
          return retval;
index 2c05c2744e65366e076f36789fc59f245d41998b..5bd337e47e415178f35f7104f272af77d3c2ebb6 100644 (file)
@@ -55,8 +55,9 @@
 
 #include <stdio.h>
 #include <k5-int.h>
+#include <krb5/kdb.h>
+#include <kadm5/server_internal.h>
 #include <kadm5/admin.h>
-#include <kadm5/adb.h>
 #include <krb5/adm_proto.h>
 #include "kdb5_util.h"
 
@@ -145,7 +146,6 @@ extern char *mkey_password;
 
 extern char *progname;
 extern int exit_status;
-extern osa_adb_policy_t policy_db;
 extern kadm5_config_params global_params;
 extern krb5_context util_context;
 
@@ -160,7 +160,6 @@ void kdb5_create(argc, argv)
     char *pw_str = 0;
     unsigned int pw_size = 0;
     int do_stash = 0;
-    krb5_int32 crflags = KRB5_KDB_CREATE_BTREE;
     krb5_data pwd, seed;
           
     if (strrchr(argv[0], '/'))
@@ -172,7 +171,19 @@ void kdb5_create(argc, argv)
            do_stash++;
            break;
        case 'h':
-           crflags = KRB5_KDB_CREATE_HASH;
+           db5util_db_args_size++;
+           {
+               char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   com_err(progname, ENOMEM, "while parsing command arguments\n");
+                   exit(1);
+               }
+
+               db5util_db_args = temp;
+           }
+           db5util_db_args[db5util_db_args_size-1] = "hash=true";
+           db5util_db_args[db5util_db_args_size]   = NULL;
        case '?':
        default:
            usage();
@@ -187,16 +198,6 @@ void kdb5_create(argc, argv)
     rblock.nkslist = global_params.num_keysalts;
     rblock.kslist = global_params.keysalts;
 
-    retval = krb5_db_set_name(util_context, global_params.dbname);
-    if (!retval) retval = EEXIST;
-
-    if (retval == EEXIST || retval == EACCES || retval == EPERM) {
-       /* it exists ! */
-       com_err(argv[0], 0, "The database '%s' appears to already exist",
-               global_params.dbname);
-       exit_status++; return;
-    }
-
     printf ("Loading random data\n");
     retval = krb5_c_random_os_entropy (util_context, 1, NULL);
     if (retval) {
@@ -267,26 +268,20 @@ master key name '%s'\n",
        exit_status++; return;
     }
     if ((retval = krb5_db_create(util_context,
-                                global_params.dbname, crflags))) {
+                                db5util_db_args))) {
        com_err(argv[0], retval, "while creating database '%s'",
                global_params.dbname);
        exit_status++; return;
     }
-    if ((retval = krb5_db_fini(util_context))) {
-        com_err(argv[0], retval, "while closing current database");
-        exit_status++; return;
-    }
-    if ((retval = krb5_db_set_name(util_context, global_params.dbname))) {
-        com_err(argv[0], retval, "while setting active database to '%s'",
-                global_params.dbname);
-        exit_status++; return;
-    }
-    if ((retval = krb5_db_init(util_context))) {
-       com_err(argv[0], retval, "while initializing the database '%s'",
-               global_params.dbname);
-       exit_status++; return;
-    }
-
+/*     if ((retval = krb5_db_fini(util_context))) { */
+/*         com_err(argv[0], retval, "while closing current database"); */
+/*         exit_status++; return; */
+/*     } */
+/*     if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */
+/*     com_err(argv[0], retval, "while initializing the database '%s'", */
+/*             global_params.dbname); */
+/*     exit_status++; return; */
+/*     } */
     if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) ||
        (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
        (void) krb5_db_fini(util_context);
@@ -298,10 +293,11 @@ master key name '%s'\n",
      * it; delete the file below if it was not requested.  DO NOT EXIT
      * BEFORE DELETING THE KEYFILE if do_stash is not set.
      */
-    retval = krb5_db_store_mkey(util_context,
-                           global_params.stash_file,
-                           master_princ,
-                           &master_keyblock);
+    retval = krb5_db_store_master_key(util_context,
+                                     global_params.stash_file,
+                                     master_princ,
+                                     &master_keyblock,
+                                     mkey_password);
     if (retval) {
        com_err(argv[0], errno, "while storing key");
        printf("Warning: couldn't stash master key.\n");
@@ -440,6 +436,6 @@ add_principal(context, princ, op, pblock)
     retval = krb5_db_put_principal(context, &entry, &nentries);
 
 error_out:;
-    krb5_dbe_free_contents(context, &entry);
+    krb5_db_free_principal(context, &entry, 1);
     return retval;
 }
index 2545bdb5d1dfa0f89baa62bb2f5c19bf82c86b51..ea1011b407bebd6644f2f00b620c983ade540783 100644 (file)
@@ -33,7 +33,7 @@
 #include <stdio.h>
 #include "com_err.h"
 #include <kadm5/admin.h>
-#include <kadm5/adb.h>
+#include <krb5/kdb.h>
 #include "kdb5_util.h"
 
 extern int exit_status;
@@ -53,12 +53,23 @@ kdb5_destroy(argc, argv)
     int optchar;
     char *dbname;
     char buf[5];
-    krb5_error_code retval, retval1, retval2;
+    krb5_error_code retval1;
     krb5_context context;
     int force = 0;
 
-    krb5_init_context(&context);
+    retval1 = krb5_init_context(&context);
+    if( retval1 )
+    {
+       com_err(argv[0], retval1, "while initializing krb5_context");
+       exit(1);
+    }
 
+    if ((retval1 = krb5_set_default_realm(context,
+                                         util_context->default_realm))) {
+       com_err(argv[0], retval1, "while setting default realm name");
+       exit(1);
+    }
+    
     if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
 
@@ -89,21 +100,11 @@ kdb5_destroy(argc, argv)
        printf("OK, deleting database '%s'...\n", dbname);
     }
 
-    retval = krb5_db_set_name(context, dbname);
-    if (retval) {
-       com_err(argv[0], retval, "'%s'",dbname);
-       exit_status++; return;
-    }
-    retval1 = krb5_db_destroy(context, dbname);
-    retval2 = osa_adb_destroy_policy_db(&global_params);
+    retval1 = krb5_db_destroy(context, db5util_db_args);
     if (retval1) {
        com_err(argv[0], retval1, "deleting database '%s'",dbname);
        exit_status++; return;
     }
-    if (retval2) {
-        com_err(argv[0], retval2, "destroying policy database");
-        exit_status++; return;
-    }
 
     dbactive = FALSE;
     printf("** Database '%s' destroyed.\n", dbname);
index 6d7251541bdcff53e6eb770f1cd1dd2d24710f07..09bea215181ee0ea28569b6476e2021e7479fefd 100644 (file)
@@ -85,10 +85,18 @@ kdb5_stash(argc, argv)
     if (strrchr(argv[0], '/'))
        argv[0] = strrchr(argv[0], '/')+1;
 
-    /* Tell upwards to close the policy db cause we don't */
-    close_policy_db = 1; 
+    retval = krb5_init_context(&context);
+    if( retval )
+    {
+       com_err(argv[0], retval, "while initializing krb5_context");
+       exit(1);
+    }
 
-    krb5_init_context(&context);
+    if ((retval = krb5_set_default_realm(context,
+                                         util_context->default_realm))) {
+       com_err(argv[0], retval, "while setting default realm name");
+       exit(1);
+    }
 
     dbname = global_params.dbname;
     realm = global_params.realm;
@@ -118,13 +126,6 @@ kdb5_stash(argc, argv)
        exit_status++; return; 
     }
 
-    retval = krb5_db_set_name(context, dbname);
-    if (retval) {
-       com_err(argv[0], retval, "while setting active database to '%s'",
-               dbname);
-       exit_status++; return; 
-    }
-
     /* assemble & parse the master key name */
     retval = krb5_db_setup_mkey_name(context, mkey_name, realm, 
                                     &mkey_fullname, &master_princ);
@@ -133,7 +134,7 @@ kdb5_stash(argc, argv)
        exit_status++; return; 
     }
 
-    retval = krb5_db_init(context);
+    retval = krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW);
     if (retval) {
        com_err(argv[0], retval, "while initializing the database '%s'",
                dbname);
@@ -159,8 +160,8 @@ kdb5_stash(argc, argv)
        exit_status++; return; 
     }  
 
-    retval = krb5_db_store_mkey(context, keyfile, master_princ, 
-                               &master_keyblock);
+    retval = krb5_db_store_master_key(context, keyfile, master_princ, 
+                                     &master_keyblock, NULL);
     if (retval) {
        com_err(argv[0], errno, "while storing key");
        memset((char *)master_keyblock.contents, 0, master_keyblock.length);
index 52497686756e03fb28ee1363479e5e74ea941e47..a95dff702d5aaafb8eeb124a7fd814398ef8ed24 100644 (file)
@@ -57,7 +57,6 @@
 #include <k5-int.h>
 #include <kadm5/admin.h>
 #include <krb5/adm_proto.h>
-#include <kadm5/adb.h>
 #include <time.h>
 #include "kdb5_util.h"
 
@@ -76,13 +75,12 @@ char *mkey_password = 0;
 
 int exit_status = 0;
 krb5_context util_context;
-osa_adb_policy_t policy_db;
 kadm5_config_params global_params;
 
 void usage()
 {
      fprintf(stderr, "Usage: "
-          "kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
+          "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n"
             "\t        [-sf stashfilename] [-m] cmd [cmd_options]\n"
             "\tcreate  [-s]\n"
             "\tdestroy [-f]\n"
@@ -91,9 +89,9 @@ void usage()
             "\t        [-mkey_convert] [-new_mkey_file mkey_file]\n"
             "\t        [-rev] [-recurse] [filename [princs...]]\n"
             "\tload    [-old] [-ov] [-b6] [-verbose] [-update] filename\n"
-            "\tdump_v4 [-S] [filename]\n"
-            "\tload_v4 [-S] [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n"
-            "\tark     [-e etype_list] principal\n");
+            "\tark     [-e etype_list] principal\n"
+            "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n");
      exit(1);
 }
 
@@ -101,7 +99,6 @@ extern krb5_keyblock master_keyblock;
 extern krb5_principal master_princ;
 krb5_db_entry master_entry;
 int    valid_master_key = 0;
-int     close_policy_db = 0;
 
 char *progname;
 krb5_boolean manual_mkey = FALSE;
@@ -123,8 +120,8 @@ struct _cmd_table {
      {"stash", kdb5_stash, 1},
      {"dump", dump_db, 1},
      {"load", load_db, 0},
-     {"dump_v4", dump_v4db, 1},
-     {"load_v4", load_v4db, 0},
+/*      {"dump_v4", dump_v4db, 1}, */
+/*      {"load_v4", load_v4db, 0}, */
      {"ark", add_random_key, 1},
      {NULL, NULL, 0},
 };
@@ -144,6 +141,9 @@ static struct _cmd_table *cmd_lookup(name)
 }
 
 #define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL))
+
+char **db5util_db_args = NULL;
+int    db5util_db_args_size = 0;
      
 int main(argc, argv)
     int argc;
@@ -151,6 +151,7 @@ int main(argc, argv)
 {
     struct _cmd_table *cmd = NULL;
     char *koptarg, **cmd_argv; 
+    char *db_name_tmp = NULL;
     int cmd_argc;
     krb5_error_code retval;
 
@@ -159,7 +160,8 @@ int main(argc, argv)
            com_err (progname, retval, "while initializing Kerberos code");
            exit(1);
     }
-    initialize_adb_error_table();
+
+/*     initialize_adb_error_table(); */
 
     progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]);
 
@@ -179,6 +181,47 @@ int main(argc, argv)
        } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) {
            global_params.dbname = koptarg;
            global_params.mask |= KADM5_CONFIG_DBNAME;
+
+           db_name_tmp = malloc( strlen(global_params.dbname) + sizeof("dbname="));
+           if( db_name_tmp == NULL )
+           {
+               com_err(progname, ENOMEM, "while parsing command arguments");
+               exit(1);
+           }
+
+           strcpy( db_name_tmp, "dbname=");
+           strcat( db_name_tmp, global_params.dbname );
+
+           db5util_db_args_size++;
+           {
+               char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   com_err(progname, ENOMEM, "while parsing command arguments\n");
+                   exit(1);
+               }
+
+               db5util_db_args = temp;
+           }
+           db5util_db_args[db5util_db_args_size-1] = db_name_tmp;
+           db5util_db_args[db5util_db_args_size]   = NULL;
+
+       } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
+          db5util_db_args_size++;
+          {
+              char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */
+              if( temp == NULL )
+              {
+                  fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
+                          argv[0]);
+                  exit(1);
+              }
+
+              db5util_db_args = temp;
+          }
+          db5util_db_args[db5util_db_args_size-1] = koptarg;
+          db5util_db_args[db5util_db_args_size]   = NULL;
+
        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
            global_params.realm = koptarg;
            global_params.mask |= KADM5_CONFIG_REALM;
@@ -217,6 +260,18 @@ int main(argc, argv)
     if (cmd_argv[0] == NULL)
         usage();
     
+    if( !util_context->default_realm )
+    {
+       char *temp = NULL;
+       retval = krb5_get_default_realm(util_context, &temp);
+       if( retval )
+       {
+           com_err (progname, retval, "while getting default realm");
+           exit(1);
+       }
+       util_context->default_realm = temp;
+    }
+
     retval = kadm5_get_config_params(util_context, NULL, NULL,
                                     &global_params, &global_params);
     if (retval) {
@@ -243,9 +298,12 @@ int main(argc, argv)
 
     (*cmd->func)(cmd_argc, cmd_argv);
 
-    if(close_policy_db) {
-         (void) osa_adb_close_policy(policy_db);
-    }      
+    if( db_name_tmp )
+       free( db_name_tmp );
+
+    if( db5util_db_args )
+       free(db5util_db_args);
+
     kadm5_free_config_params(util_context, &global_params);
     krb5_free_context(util_context);
     return exit_status;
@@ -307,22 +365,11 @@ static int open_db_and_mkey()
     dbactive = FALSE;
     valid_master_key = 0;
 
-    if ((retval = krb5_db_set_name(util_context, global_params.dbname))) {
-       com_err(progname, retval, "while setting active database to '%s'",
-               global_params.dbname);
-       exit_status++;
-       return(1);
-    } 
-    if ((retval = krb5_db_init(util_context))) {
+    if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) {
        com_err(progname, retval, "while initializing database");
        exit_status++;
        return(1);
     }
-    if ((retval = osa_adb_open_policy(&policy_db, &global_params))) {
-       com_err(progname, retval, "opening policy database");
-       exit_status++;
-       return (1);
-    }
 
    /* assemble & parse the master key name */
 
@@ -497,7 +544,7 @@ add_random_key(argc, argv)
     }
     if (more) {
        fprintf(stderr, "principal %s not unique\n", pr_str);
-       krb5_dbe_free_contents(util_context, &dbent);
+       krb5_db_free_principal(util_context, &dbent, 1);
        exit_status++;
        return;
     }
@@ -523,7 +570,7 @@ add_random_key(argc, argv)
        free(keysalts);
     if (ret) {
        com_err(me, ret, "while randomizing principal %s", pr_str);
-       krb5_dbe_free_contents(util_context, &dbent);
+       krb5_db_free_principal(util_context, &dbent, 1);
        exit_status++;
        return;
     }
@@ -531,19 +578,19 @@ add_random_key(argc, argv)
     ret = krb5_timeofday(util_context, &now);
     if (ret) {
        com_err(me, ret, "while getting time");
-       krb5_dbe_free_contents(util_context, &dbent);
+       krb5_db_free_principal(util_context, &dbent, 1);
        exit_status++;
        return;
     }
     ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now);
     if (ret) {
        com_err(me, ret, "while setting changetime");
-       krb5_dbe_free_contents(util_context, &dbent);
+       krb5_db_free_principal(util_context, &dbent, 1);
        exit_status++;
        return;
     }
     ret = krb5_db_put_principal(util_context, &dbent, &n);
-    krb5_dbe_free_contents(util_context, &dbent);
+    krb5_db_free_principal(util_context, &dbent, 1);
     if (ret) {
        com_err(me, ret, "while saving principal %s", pr_str);
        exit_status++;
index c63ca0371f921c023a017bdce35816e6f14db4c5..bb6b0ac64ae9ef97720b3be90be58d4a336615c6 100644 (file)
@@ -40,6 +40,8 @@ extern krb5_context util_context;
 extern kadm5_config_params global_params;
 extern int valid_master_key;
 extern krb5_db_entry master_db;
+extern char **db5util_db_args;
+extern int    db5util_db_args_size;
 
 extern void usage(void);
 
@@ -67,8 +69,7 @@ extern int kadm5_create_magic_princs (kadm5_config_params *params,
 
 extern int process_ov_principal (char *fname, krb5_context kcontext, 
                                           FILE *filep, int verbose, 
-                                          int *linenop,
-                                          void *pol_db);
+                                          int *linenop);
 
 extern void load_db (int argc, char **argv);
 extern void dump_db (int argc, char **argv);
index 15978f8a37fead1e994fc8ba11b077bc0933bc94..f4338bc906287eaa1d16aff5df3c7b84dd1feb69 100644 (file)
@@ -5,7 +5,10 @@
 #include    <memory.h>
 #endif
 
-#include    <kadm5/adb.h>
+#include    <k5-int.h>
+#include <kadm5/admin.h>
+#include <kadm5/server_internal.h>
+#include    <krb5/kdb.h>
 #include    "import_err.h"
 #include    "kdb5_util.h"
 #include    "nstrtok.h"
@@ -92,17 +95,16 @@ done:
  *     [modifies]
  * 
  */
-int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db)
+int process_ov_principal(fname, kcontext, filep, verbose, linenop)
     char               *fname;
     krb5_context       kcontext;
     FILE               *filep;
     int                        verbose;
     int                        *linenop;
-    void *pol_db;
 {
     XDR                            xdrs;
     osa_princ_ent_t        rec;
-    osa_adb_ret_t          ret;
+    krb5_error_code        ret;
     krb5_tl_data           tl_data;
     krb5_principal         princ;
     krb5_db_entry          kdb;
@@ -177,7 +179,7 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db)
     xdralloc_create(&xdrs, XDR_ENCODE);
     if (! xdr_osa_princ_ent_rec(&xdrs, rec)) {
         xdr_destroy(&xdrs);
-        ret = OSA_ADB_XDR_FAILURE;
+        ret = KADM5_XDR_FAILURE;
         goto done;
     }
 
index 2d64279945aa52ef012bc458a1cb75cf0e83afe1..dec816422e9ab0e8ed7d25c61d1520bd5dfc7dd4 100644 (file)
@@ -1,3 +1,8 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * kpasswd.c:
+
 2003-01-07  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.ov: Deleted.
index 912990d2db888bd102acbc2b2133a0c6c03b904e..ca47fca5b6f9c67ecfff55be881ee73fb22f329b 100644 (file)
@@ -183,6 +183,7 @@ kpasswd(context, argc, argv)
                                     /* someday */,
                         OVSEC_KADM_STRUCT_VERSION,
                         OVSEC_KADM_API_VERSION_1,
+                        NULL,
                         &server_handle);
   if (code != 0) {
     if (code == OVSEC_KADM_BAD_PASSWORD)
index 24694c31c1db5f4a975cc2b346d2aeb52725f46b..12c9bce4ce3e53e4cb6772f8d46bad3e26d491c6 100644 (file)
@@ -1,3 +1,11 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * misc.c:
+       * ovsec_kadmd.c:
+       * server_stubs.c:
+
 2005-04-13  Ken Raeburn  <raeburn@mit.edu>
 
        * schpw.c (NEED_SOCKETS): Don't define.
index 17406e77a2fe6663362786352df3f39ed080be60..74a8e1bb38fc4645036324ce21d30d04606ae317 100644 (file)
@@ -2,6 +2,7 @@ thisconfigdir=./..
 myfulldir=kadmin/server
 mydir=server
 BUILDTOP=$(REL)..$(S)..
+KDB_DEP_LIB=-ldl -lpthread
 
 LOCALINCLUDES = -I$(SRCTOP)/lib/gssapi/generic -I$(SRCTOP)/lib/gssapi/krb5 \
        -I$(BUILDTOP)/lib/gssapi/generic -I$(BUILDTOP)/lib/gssapi/krb5
@@ -15,7 +16,7 @@ OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1
 all:: $(PROG)
 
 $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB)
-       $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB)
+       $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB)
 
 install::
        $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG)
index f2afd23af44d01440f0b1a03d9d68b3248a75846..fb9c3a54183baee2ed274fa6e99dd50c484da29f 100644 (file)
@@ -3,9 +3,9 @@
  *
  */
 
-#include    <kadm5/adb.h>
-#include    <kadm5/server_internal.h>
+#include    <k5-int.h>
 #include    <krb5/kdb.h>
+#include    <kadm5/server_internal.h>
 #include    "misc.h"
 
 /*
@@ -125,7 +125,7 @@ check_min_life(void *server_handle, krb5_principal principal)
 
     ret = kadm5_get_principal(handle->lhandle, principal, 
                              &princ, KADM5_PRINCIPAL_NORMAL_MASK);
-    if(ret != OSA_ADB_OK
+    if(ret) 
         return ret;
     if(princ.aux_attributes & KADM5_POLICY) {
        if((ret=kadm5_get_policy(handle->lhandle,
index 8709198d62120e7b967e6b3c7546e1d056ea297d..31cc252231f3393c9ed2ee6ee7d5e23ab2b1f761 100644 (file)
@@ -41,6 +41,7 @@
 #include    <unistd.h>
 #include    <netinet/in.h>
 #include    <arpa/inet.h>  /* inet_ntoa */
+#include    <netdb.h>
 #include    <gssrpc/rpc.h>
 #include    <gssapi/gssapi.h>
 #include    "gssapiP_krb5.h" /* for kg_get_context */
@@ -130,11 +131,14 @@ void kadm5_set_use_password_server (void);
 
 static void usage()
 {
-     fprintf(stderr, "Usage: kadmind [-r realm] [-m] [-nofork] "
+     fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] "
 #ifdef USE_PASSWORD_SERVER
              "[-passwordserver] "
 #endif
-            "[-port port-number]\n");
+            "[-port port-number]\n"
+            "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+            "\t\t\tLook at each database documentation for supported arguments\n"
+            );
      exit(1);
 }
 
@@ -210,6 +214,8 @@ int main(int argc, char *argv[])
      gss_buffer_desc gssbuf;
      gss_OID nt_krb5_name_oid;
      kadm5_config_params params;
+     char **db_args      = NULL;
+     int    db_args_size = 0;
 
      setvbuf(stderr, NULL, _IONBF, 0);
 
@@ -238,7 +244,24 @@ int main(int argc, char *argv[])
      
      argc--; argv++;
      while (argc) {
-         if (strcmp(*argv, "-r") == 0) {
+          if (strcmp(*argv, "-x") == 0) {
+              argc--; argv++;
+              if (!argc)
+                   usage();
+              db_args_size++;
+              {
+                  char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+                  if( temp == NULL )
+                  {
+                      fprintf(stderr,"%s: cannot initialize. Not enough memory\n",
+                              whoami);
+                      exit(1);
+                  }
+                  db_args = temp;
+              }
+              db_args[db_args_size-1] = *argv;
+              db_args[db_args_size]   = NULL;
+         }else if (strcmp(*argv, "-r") == 0) {
               argc--; argv++;
               if (!argc)
                    usage();
@@ -290,22 +313,30 @@ int main(int argc, char *argv[])
                          NULL, &params,
                          KADM5_STRUCT_VERSION,
                          KADM5_API_VERSION_2,
+                         db_args,
                          &global_server_handle)) != 
        KADM5_OK) {
+        const char *e_txt = error_message(ret);
          krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting",
-                error_message(ret));
+                e_txt);
          fprintf(stderr, "%s: %s while initializing, aborting\n",
-                 whoami, error_message(ret));
+                 whoami, e_txt);
          krb5_klog_close(context);
          exit(1);
      }
+
+     if( db_args )
+     {
+        free(db_args), db_args=NULL;
+     }
      
      if ((ret = kadm5_get_config_params(context, NULL, NULL, &params,
                                        &params))) {
+        const char *e_txt = error_message(ret);
          krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
-                          whoami, error_message(ret));
+                          whoami, e_txt);
          fprintf(stderr, "%s: %s while initializing, aborting\n",
-                 whoami, error_message(ret));
+                 whoami, e_txt);
          kadm5_destroy(global_server_handle);
          krb5_klog_close(context);
          exit(1);
@@ -331,21 +362,23 @@ int main(int argc, char *argv[])
      addr.sin_port = htons(params.kadmind_port);
 
      if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        const char *e_txt = error_message(errno);
          krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s",
-                          error_message(errno));
+                          e_txt);
          fprintf(stderr, "Cannot create TCP socket: %s",
-                 error_message(errno));
+                 e_txt);
          kadm5_destroy(global_server_handle);
          krb5_klog_close(context);       
          exit(1);
      }
 
      if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+        const char *e_txt = error_message(errno);
         krb5_klog_syslog(LOG_ERR,
                           "cannot create simple chpw socket: %s",
-                          error_message(errno));
+                          e_txt);
         fprintf(stderr, "Cannot create simple chpw socket: %s",
-                error_message(errno));
+                e_txt);
         kadm5_destroy(global_server_handle);
         krb5_klog_close(context);
         exit(1);
@@ -369,22 +402,24 @@ int main(int argc, char *argv[])
                        SO_REUSEADDR,
                        (char *) &allowed,
                        sizeof(allowed)) < 0) {
+            const char *e_txt = error_message(errno);
             krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s",
-                             error_message(errno));
+                             e_txt);
             fprintf(stderr, "Cannot set SO_REUSEADDR: %s",
-                    error_message(errno));
+                    e_txt);
             kadm5_destroy(global_server_handle);
             krb5_klog_close(context);    
             exit(1);
         }
         if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR,
                        (char *) &allowed, sizeof(allowed)) < 0) {
+            const char *e_txt = error_message(errno);
             krb5_klog_syslog(LOG_ERR, "main",
                              "cannot set SO_REUSEADDR on simple chpw socket: %s", 
-                             error_message(errno));
+                             e_txt);
             fprintf(stderr,
                     "Cannot set SO_REUSEADDR on simple chpw socket: %s",
-                    error_message(errno));
+                    e_txt);
             kadm5_destroy(global_server_handle);
             krb5_klog_close(context);
         }
@@ -398,11 +433,12 @@ int main(int argc, char *argv[])
 
      if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
          int oerrno = errno;
+         const char *e_txt = error_message(errno);
          fprintf(stderr, "%s: Cannot bind socket.\n", whoami);
-         fprintf(stderr, "bind: %s\n", error_message(oerrno));
+         fprintf(stderr, "bind: %s\n", e_txt);
          errno = oerrno;
          krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s",
-                          error_message(errno));
+                          e_txt);
          if(oerrno == EADDRINUSE) {
               char *w = strrchr(whoami, '/');
               if (w) {
@@ -438,12 +474,13 @@ int main(int argc, char *argv[])
      if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
          char portbuf[32];
          int oerrno = errno;
+         const char *e_txt = error_message(errno);
          fprintf(stderr, "%s: Cannot bind socket.\n", whoami);
-         fprintf(stderr, "bind: %s\n", error_message(oerrno));
+         fprintf(stderr, "bind: %s\n", e_txt);
          errno = oerrno;
          sprintf(portbuf, "%d", ntohs(addr.sin_port));
          krb5_klog_syslog(LOG_ERR, "cannot bind simple chpw socket: %s",
-                          error_message(oerrno));
+                          e_txt);
          if(oerrno == EADDRINUSE) {
               char *w = strrchr(whoami, '/');
               if (w) {
index 579498fc179df40feecfae7d79c429c4ae70e887..0162887735ce11ded924cfccd2866bb7a59c2118 100644 (file)
@@ -250,22 +250,22 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+       goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
@@ -281,16 +281,37 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp)
         ret.code = kadm5_create_principal((void *)handle,
                                                &arg->rec, arg->mask,
                                                arg->passwd);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-               prime_arg,((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+               prime_arg, ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+
+ exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -307,22 +328,22 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
@@ -340,16 +361,36 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp)
                                             arg->n_ks_tuple,
                                             arg->ks_tuple,
                                             arg->passwd);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal",
-               prime_arg,((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+               prime_arg, ret.err_str, 
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -366,22 +407,22 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
     
     if (CHANGEPW_SERVICE(rqstp)
@@ -393,15 +434,37 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp)
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
     } else {
         ret.code = kadm5_delete_principal((void *)handle, arg->princ);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, 
-               ((ret.code == 0) ? "success" : error_message(ret.code)), 
+                ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free(prime_arg);
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+ exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
+
     return &ret;
 }
 
@@ -419,20 +482,20 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (CHANGEPW_SERVICE(rqstp)
@@ -447,16 +510,36 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_modify_principal((void *)handle, &arg->rec,
                                                arg->mask);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal",
-               prime_arg, ((ret.code == 0) ? "success" :
-                           error_message(ret.code)), 
+               prime_arg, ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -476,21 +559,21 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) ||
         krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
     sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2);
 
@@ -516,17 +599,37 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_rename_principal((void *)handle, arg->src,
                                                arg->dest);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal",
-               prime_arg, ((ret.code == 0) ? "success" :
-                           error_message(ret.code)), 
+               prime_arg, ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg1);
     free(prime_arg2);    
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -544,11 +647,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_gprinc_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
@@ -558,11 +661,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp)
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) &&
@@ -589,16 +692,37 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp)
                                              arg->mask);
         }
         
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
                prime_arg,  
-               ((ret.code == 0) ? "success" : error_message(ret.code)), 
+               ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -615,18 +739,18 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_gprincs_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->exp;
     if (prime_arg == NULL)
@@ -645,15 +769,36 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp)
         ret.code  = kadm5_get_principals((void *)handle,
                                               arg->exp, &ret.princs,
                                               &ret.count);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals",
                prime_arg,  
-               ((ret.code == 0) ? "success" : error_message(ret.code)), 
+               ret.err_str,
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -670,22 +815,22 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
@@ -704,17 +849,37 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str,
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -731,22 +896,22 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
@@ -771,17 +936,37 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", 
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+       /* xdr free frees this string. so make a copy */
+       ret.err_str = strdup( ret.err_str ); 
+       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -798,22 +983,22 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
@@ -829,17 +1014,37 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", 
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+       /* xdr free frees this string. so make a copy */
+       ret.err_str = strdup( ret.err_str ); 
+       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -856,22 +1061,22 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
@@ -887,17 +1092,37 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+       /* xdr free frees this string. so make a copy */
+       ret.err_str = strdup( ret.err_str ); 
+       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -914,22 +1139,22 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (!(CHANGEPW_SERVICE(rqstp)) &&
@@ -948,17 +1173,37 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_SETKEY) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", 
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+       /* xdr free frees this string. so make a copy */
+       ret.err_str = strdup( ret.err_str ); 
+       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
 
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -977,11 +1222,12 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_chrand_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
+
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
@@ -992,11 +1238,11 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp)
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
@@ -1025,16 +1271,36 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+       /* xdr free frees this string. so make a copy */
+       ret.err_str = strdup( ret.err_str ); 
+       /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1053,11 +1319,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_chrand_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
@@ -1068,11 +1334,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp)
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
     if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) {
         ret.code = KADM5_BAD_PRINCIPAL;
-        return &ret;
+        goto exit_func;
     }
 
     if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) {
@@ -1107,16 +1373,36 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp)
     }
 
     if(ret.code != KADM5_AUTH_CHANGEPW) {
+       if( ret.code == 0 )
+           ret.err_str = "success";
+       else
+           ret.err_str = error_message(ret.code);
+
        krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
-              prime_arg, ((ret.code == 0) ? "success" :
-                          error_message(ret.code)), 
+              prime_arg, ret.err_str, 
               client_name.value, service_name.value,
               inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     free(prime_arg);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1133,18 +1419,18 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->rec.policy;
 
@@ -1159,15 +1445,36 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_create_policy((void *)handle, &arg->rec,
                                             arg->mask);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ((ret.code == 0) ? "success" : error_message(ret.code))
+               ret.err_str
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1184,18 +1491,18 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->name;
     
@@ -1208,15 +1515,36 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp)
         ret.code = KADM5_AUTH_DELETE;
     } else {
         ret.code = kadm5_delete_policy((void *)handle, arg->name);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ((ret.code == 0) ? "success" : error_message(ret.code))
+               ret.err_str
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1233,18 +1561,18 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_generic_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->rec.policy;
 
@@ -1258,15 +1586,36 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp)
     } else {
         ret.code = kadm5_modify_policy((void *)handle, &arg->rec,
                                             arg->mask);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy",
                ((prime_arg == NULL) ? "(null)" : prime_arg),       
-               ((ret.code == 0) ? "success" : error_message(ret.code))
+               ret.err_str
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));  
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1286,11 +1635,11 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_gpol_ret,  &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
@@ -1300,7 +1649,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->name;
 
@@ -1337,11 +1686,20 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
                                          &ret.rec);
         }
         
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname,
                ((prime_arg == NULL) ? "(null)" : prime_arg),
-               ((ret.code == 0) ? "success" : error_message(ret.code))
+               ret.err_str
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));   
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     } else {
         krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname,
                prime_arg, client_name.value, service_name.value,
@@ -1350,6 +1708,18 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp)
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 
 }
@@ -1367,18 +1737,18 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp)
     xdr_free(xdr_gpols_ret, &ret);
 
     if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle)))
-        return &ret;
+        goto exit_func;
 
     if ((ret.code = check_handle((void *)handle))) {
         free_server_handle(handle);
-        return &ret;
+        goto exit_func;
     }
 
     ret.api_version = handle->api_version;
 
     if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
         ret.code = KADM5_FAILURE;
-        return &ret;
+        goto exit_func;
     }
     prime_arg = arg->exp;
     if (prime_arg == NULL)
@@ -1395,15 +1765,36 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp)
         ret.code  = kadm5_get_policies((void *)handle,
                                               arg->exp, &ret.pols,
                                               &ret.count);
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
         krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies",
                prime_arg,  
-               ((ret.code == 0) ? "success" : error_message(ret.code))
+               ret.err_str
                client_name.value, service_name.value,
                inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
     }
     free_server_handle(handle);
     gss_release_buffer(&minor_stat, &client_name);
     gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
     return &ret;
 }
 
@@ -1417,29 +1808,51 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      xdr_free(xdr_getprivs_ret, &ret);
 
      if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
-         return &ret;
+         goto exit_func;
 
      if ((ret.code = check_handle((void *)handle))) {
          free_server_handle(handle);
-         return &ret;
+         goto exit_func;
      }
 
      ret.api_version = handle->api_version;
 
      if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
          ret.code = KADM5_FAILURE;
-         return &ret;
+         goto exit_func;
      }
 
      ret.code = kadm5_get_privs((void *)handle, &ret.privs);
+     if( ret.code == 0 )
+        ret.err_str = "success";
+     else
+        ret.err_str = error_message(ret.code);
+
      krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs",
            client_name.value, 
-           ((ret.code == 0) ? "success" : error_message(ret.code))
+           ret.err_str
            client_name.value, service_name.value,
            inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr));
+
+     /* xdr free frees this string. so make a copy */
+     ret.err_str = strdup( ret.err_str ); 
+     /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+
      free_server_handle(handle);
      gss_release_buffer(&minor_stat, &client_name);
      gss_release_buffer(&minor_stat, &service_name);
+exit_func:
+    if( ret.err_str == NULL )
+    {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+    }
      return &ret;
 }
 
@@ -1454,7 +1867,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      xdr_free(xdr_generic_ret, &ret);
 
      if ((ret.code = new_server_handle(*arg, rqstp, &handle)))
-         return &ret;
+         goto exit_func;
      if (! (ret.code = check_handle((void *)handle))) {
         ret.api_version = handle->api_version;
      }
@@ -1463,7 +1876,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 
      if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
          ret.code = KADM5_FAILURE;
-         return &ret;
+         goto exit_func;
      }
 
      krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d",
@@ -1477,6 +1890,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
      gss_release_buffer(&minor_stat, &client_name);
      gss_release_buffer(&minor_stat, &service_name);
            
+exit_func:
+     if( ret.err_str == NULL )
+     {
+        if( ret.code == 0 )
+            ret.err_str = "success";
+        else
+            ret.err_str = error_message(ret.code);
+
+        /* xdr free frees this string. so make a copy */
+        ret.err_str = strdup( ret.err_str ); 
+        /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */
+     }
      return(&ret);
 }
 
index f34d8f83c30d0d3faf81ad6da915e07962f3a247..a81e3491f8627b6d96c017a84e5442c1092f53c0 100644 (file)
@@ -1,3 +1,10 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * tcl_kadm5.c:
+       * tcl_ovsec_kadm.c:
+
 2005-02-10  Tom Yu  <tlyu@mit.edu>
 
        * tcl_kadm5.c (unparse_err): Add entries for KRB5_CC_NOTFOUND and
index bc3e730be5eec895c3360d2441db554de66a6d7f..f53861e2113ff5e65b56928bbdb586b52a6201ed 100644 (file)
@@ -2,10 +2,11 @@ thisconfigdir=./../..
 myfulldir=kadmin/testing/util
 mydir=testing/util
 BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = $(TCL_INCLUDES)
+LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/
 # Force Tcl headers to use stdarg.h, because krb5 does too, and if
 # Tcl uses varargs.h it'll just mess things up.
 DEFINES= -DHAS_STDARG
+KRB5_PTHREAD_LIB=-lpthread 
 
 PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
 PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
@@ -29,11 +30,11 @@ all-tcl:: $(CLNTPROG) $(SRVPROG)
 
 $(SRVPROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o $(SRVPROG) $(OBJS) $(TCL_MAYBE_RPATH) \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS)
+               $(KADMSRV_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS)
 
 $(CLNTPROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o $(CLNTPROG) $(OBJS) $(TCL_MAYBE_RPATH) \
-               $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS)
+               $(KRB5_PTHREAD_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS)
 
 bsddb_dump: bsddb_dump.o
        $(CC_LINK) -o bsddb_dump bsddb_dump.o $(KADMSRV_LIBS)
@@ -59,8 +60,8 @@ $(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): tcl_ovsec_kadm.c \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  tcl_kadm5.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h
 $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -74,6 +75,6 @@ $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h tcl_kadm5.h
 $(OUTPRE)test.$(OBJEXT): test.c tcl_kadm5.h
index a6b945277c72b9905c880f0d845550bf2396cbf9..828f207a677b09e6e561e136420dacb9ac6bf2c2 100644 (file)
@@ -11,6 +11,7 @@
 #include <k5-int.h>
 #include <errno.h>
 #include <stdlib.h>
+#include <adb_err.h>
 #include "tcl_kadm5.h"
 
 struct flagval {
@@ -1622,12 +1623,12 @@ static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData,
 
          ret = kadm5_init_with_creds(client_name, cc, service_name,
                                      &params, struct_version,
-                                     api_version, &server_handle); 
+                                     api_version, NULL, &server_handle); 
          
          (void) krb5_cc_close(context, cc);
      } else
          ret = kadm5_init(client_name, pass, service_name, &params,
-                          struct_version, api_version, &server_handle);
+                          struct_version, api_version, NULL, &server_handle);
 
      if (ret != KADM5_OK) {
          stash_error(interp, ret);
index e67b84d5c3a806b31afe5a825d71c60f1ceb974c..9aaa850237ec607e0eb29fb5ea6e964949e5095f 100644 (file)
@@ -12,6 +12,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include "tcl_kadm5.h"
+#include <adb_err.h>
 
 struct flagval {
      char *name;
@@ -1044,7 +1045,7 @@ static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp,
      }
      
      ret = ovsec_kadm_init(client_name, pass, service_name, realm,
-                          struct_version, api_version, &server_handle);
+                          struct_version, api_version, NULL, &server_handle);
 
      if (ret != OVSEC_KADM_OK) {
          stash_error(interp, ret);
index bb886c1203526da53c80e8b62b46e27f6a8eda44..47a6d23ac0d1e0784bf6a630be3f21b949ae9ff3 100644 (file)
@@ -1,3 +1,9 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * main.c:
+
 2005-05-13  Ken Raeburn  <raeburn@mit.edu>
 
        * kerberos_v4.c: Include autoconf.h before testing
index d26144dab60399a2594bcae1140307ae2450ce43..9b18c4e912b3c77310448f65f1c45caa5c5a8566 100644 (file)
@@ -10,6 +10,7 @@ BUILDTOP=$(REL)..
 DEFINES = # -DNOCACHE
 RUN_SETUP = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
+KDB5_LIB_DEPS=-ldl -lpthread
 PROG_RPATH=$(KRB5_LIBDIR)
 FAKEKA=@FAKEKA@
 
@@ -68,10 +69,10 @@ kdc5_err.h: kdc5_err.et
 kdc5_err.o: kdc5_err.h
 
 krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB)
-       $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
+       $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KDB5_LIB_DEPS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
 
 rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-       $(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+       $(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KDB5_LIB_DEPS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
 
 fakeka: fakeka.o $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB)
        $(CC_LINK) -o fakeka fakeka.o $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
index 961f3bbee4816f3ffeef0e4572053a82cc81f8af..c5ecdec7aa33a3fbd2d305f770087bf9312f7a64 100644 (file)
@@ -147,9 +147,9 @@ finish_realm(kdc_realm_t *rdp)
  * realm data and we should be all set to begin operation for that realm.
  */
 static krb5_error_code
-init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
+init_realm(char *progname, kdc_realm_t *rdp, char *realm, 
           char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports,
-          char *def_tcp_ports, krb5_boolean def_manual)
+          char *def_tcp_ports, krb5_boolean def_manual, char **db_args)
 {
     krb5_error_code    kret;
     krb5_boolean       manual;
@@ -180,13 +180,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
     if (rparams && rparams->realm_profile)
        rdp->realm_profile = strdup(rparams->realm_profile);
 
-    /* Handle database name */
-    if (rparams && rparams->realm_dbname)
-       rdp->realm_dbname = strdup(rparams->realm_dbname);
-    else
-       rdp->realm_dbname = (def_dbname) ? strdup(def_dbname) :
-           strdup(DEFAULT_KDB_FILE);
-
     /* Handle master key name */
     if (rparams && rparams->realm_mkey_name)
        rdp->realm_mpname = strdup(rparams->realm_mkey_name);
@@ -245,6 +238,17 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
        goto whoops;
     }
 
+    /* first open the database  before doing anything */
+#ifdef KRBCONF_KDC_MODIFIES_KDB    
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) {
+#else
+    if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) {
+#endif
+       com_err(progname, kret,
+               "while initializing database for realm %s", realm);
+       goto whoops;
+    }
+
     /* Assemble and parse the master key name */
     if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname,
                                        rdp->realm_name, (char **) NULL,
@@ -268,20 +272,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
        goto whoops;
     }
 
-    /* Set and open the database. */
-    if (rdp->realm_dbname &&
-       (kret = krb5_db_set_name(rdp->realm_context, rdp->realm_dbname))) {
-       com_err(progname, kret,
-               "while setting database name to %s for realm %s",
-               rdp->realm_dbname, realm);
-       goto whoops;
-    }
-    if ((kret = krb5_db_init(rdp->realm_context))) {
-       com_err(progname, kret,
-               "while initializing database for realm %s", realm);
-       goto whoops;
-    }
-
     /* Verify the master key */
     if ((kret = krb5_db_verify_master_key(rdp->realm_context,
                                          rdp->realm_mprinc,
@@ -408,7 +398,10 @@ setup_sam(void)
 void
 usage(char *name)
 {
-    fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n", name);
+    fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n"
+           "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n"
+           "\t\t\tLook at each database documentation for supported arguments\n",
+           name);
     return;
 }
 
@@ -428,6 +421,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
     char               *default_tcp_ports = 0;
     krb5_pointer       aprof;
     const char         *hierarchy[3];
+    char               **db_args      = NULL;
+    int                  db_args_size = 0;
+
 #ifdef KRB5_KRB4_COMPAT
     char                *v4mode = 0;
 #endif
@@ -459,26 +455,77 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
      * Loop through the option list.  Each time we encounter a realm name,
      * use the previously scanned options to fill in for defaults.
      */
-    while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:X3")) != -1) {
+    while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:p:s:n4:X3")) != -1) {
        switch(c) {
+       case 'x':
+           db_args_size++;
+           {
+               char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
+                           argv[0]);
+                   exit(1);
+               }
+
+               db_args = temp;
+           }
+           db_args[db_args_size-1] = optarg;
+           db_args[db_args_size]   = NULL;
+         break;
+
        case 'r':                       /* realm name for db */
            if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) {
                if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-                   if ((retval = init_realm(argv[0], rdatap, optarg, db_name,
+                   if ((retval = init_realm(argv[0], rdatap, optarg, 
                                             mkey_name, menctype,
                                             default_udp_ports,
-                                            default_tcp_ports, manual))) {
+                                            default_tcp_ports, manual, db_args))) {
                        fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
                                argv[0], optarg);
                        exit(1);
                    }
                    kdc_realmlist[kdc_numrealms] = rdatap;
                    kdc_numrealms++;
+                   free(db_args), db_args=NULL, db_args_size = 0;
+               }
+               else
+               {
+                       fprintf(stderr,"%s: cannot initialize realm %s. Not enough memory\n",
+                               argv[0], optarg);
+                       exit(1);
                }
            }
            break;
        case 'd':                       /* pathname for db */
-           db_name = optarg;
+           /* now db_name is not a seperate argument. It has to be passed as part of the db_args */
+           if( db_name == NULL )
+           {
+               db_name = malloc(1025);
+               if( db_name == NULL )
+               {
+                       fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
+                               argv[0] );
+                       exit(1);
+               }
+
+               sprintf( db_name, "dbname=%s", optarg);
+           }
+
+           db_args_size++;
+           {
+               char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */
+               if( temp == NULL )
+               {
+                   fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n",
+                           argv[0]);
+                   exit(1);
+               }
+
+               db_args = temp;
+           }
+           db_args[db_args_size-1] = db_name;
+           db_args[db_args_size]   = NULL;
            break;
        case 'm':                       /* manual type-in of master key */
            manual = TRUE;
@@ -547,9 +594,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
            exit(1);
        }
        if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) {
-           if ((retval = init_realm(argv[0], rdatap, lrealm, db_name,
+           if ((retval = init_realm(argv[0], rdatap, lrealm, 
                                     mkey_name, menctype, default_udp_ports,
-                                    default_tcp_ports, manual))) {
+                                    default_tcp_ports, manual, db_args))) {
                fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n",
                        argv[0], lrealm);
                exit(1);
@@ -576,6 +623,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv)
        free(default_udp_ports);
     if (default_tcp_ports)
        free(default_tcp_ports);
+    if (db_args)
+       free(db_args);
+    if (db_name)
+       free(db_name);
 
     return;
 }
index 0dea38dd6c90641f005b337b81e8f548d36950ac..7e404b482cfd83a1f927b777c6f704e7100a9c05 100644 (file)
@@ -1,3 +1,9 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * krb524d.c:
+
 2004-09-08  Tom Yu  <tlyu@mit.edu>
 
        * Makefile.in (install-unix): Install krb524d manpage.
index 31c95f1dfd61bda3654c1ade974d72ff9e680208..acbfb0da5054f63da754c6426c61d00a7f4c96e7 100644 (file)
@@ -2,6 +2,8 @@ thisconfigdir=..
 myfulldir=krb524
 mydir=krb524
 BUILDTOP=$(REL)..
+KDB_DEP_LIB=-ldl -lpthread
+
 # Copyright 1994 by OpenVision Technologies, Inc.
 # 
 # Permission to use, copy, modify, distribute, and sell this software
@@ -78,7 +80,7 @@ SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o
 CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT)
 
 krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB)
-       $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
+       $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB)
 
 k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS)
        $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS)
@@ -146,8 +148,8 @@ $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
-  $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \
-  $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h krb524d.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/kerberosIV/krb.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/kerberosIV/krb.h \
+  $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \
+  $(BUILDTOP)/include/profile.h krb524d.h $(SRCTOP)/include/port-sockets.h \
+  $(SRCTOP)/include/kerberosIV/krb.h
index 5b3641bcc278f01bc4f86aaa52e2b9c67a85bb14..f126641b4a93bbbca0b8924c472d03ac1413692a 100644 (file)
@@ -313,7 +313,7 @@ void init_master(context, params)
 
      use_master = 0;
      if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params,
-                          KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
+                          KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                           &handle))) {
          com_err(whoami, ret, "initializing kadm5 library");
          cleanup_and_exit(1, context);
index 4ef1d3109dde5885a4fa87a89510f4f81978a85a..dec6650ae7ebed83ee8e644aecfcdf33c5a1de29 100644 (file)
@@ -1,3 +1,10 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       (LOCAL_SUBDIRS): Build kdb after rpc.
+       * krb5.saber.source: Deleted.
+
 2005-04-22  Jeffrey Altman <jaltman@mit.edu>
 
         * win_glue.c:  Remove calls to WSAStartup/WSACleanup because
index 67867c777688bb339e7e633a132612739169946b..3e34ef0ef5e68990cc22680d3a9f3e2e011eee3a 100644 (file)
@@ -1,7 +1,7 @@
 thisconfigdir=./..
 myfulldir=lib
 mydir=lib
-LOCAL_SUBDIRS=crypto krb5 des425 @KRB4@ kdb gssapi rpc kadm5 apputils
+LOCAL_SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils
 BUILDTOP=$(REL)..
 
 all-unix::
index 96b6dbc96a0481fac6229ce18de025164b1ace78..cb3f14b6599417aa3149e15f2fe18b4570043c73 100644 (file)
@@ -1,3 +1,16 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * adb_err.et:
+       * admin.h:
+       * admin_xdr.h:
+       * kadm_err.et:
+       * kadm_rpc.h:
+       * kadm_rpc_xdr.c:
+       * ovsec_glue.c:
+       * server_internal.h:
+
 2005-04-19  Ken Raeburn  <raeburn@mit.edu>
 
        * configure.in: Don't invoke AC_CANONICAL_HOST explicitly,
index 79847e982eea90034070ad87d716301ded9cf6f9..fe8384c9928d33203be80f1b10ed7bd0dde42532 100644 (file)
@@ -7,20 +7,16 @@ LOCAL_SUBDIRS = clnt srv unit-test
 ##DOSBUILDTOP = ..\..
 
 kadm_err.$(OBJEXT): kadm_err.c
-adb_err.$(OBJEXT): adb_err.c
 chpass_util_strings.$(OBJEXT): chpass_util_strings.c
 
 kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et
-adb_err.c adb_err.h: $(srcdir)/adb_err.et
 chpass_util_strings.c chpass_util_strings.h: $(srcdir)/chpass_util_strings.et
 
 clean::
        $(RM) kadm_err.c kadm_err.h kadm_err.o
-       $(RM) adb_err.c adb_err.h adb_err.o
        $(RM) chpass_util_strings.c chpass_util_strings.h chpass_util_strings.o
 
 SRCS = kadm_err.c \
-       adb_err.c \
        chpass_util_strings.c \
        $(srcdir)/ovsec_glue.c \
        $(srcdir)/misc_free.c \
@@ -31,7 +27,6 @@ SRCS =        kadm_err.c \
        $(srcdir)/logger.c
 
 OBJS = kadm_err.$(OBJEXT) \
-       adb_err.$(OBJEXT) \
        chpass_util_strings.$(OBJEXT) \
        ovsec_glue.$(OBJEXT) \
        misc_free.$(OBJEXT) \
@@ -43,7 +38,6 @@ OBJS =        kadm_err.$(OBJEXT) \
 
 STLIBOBJS = \
        kadm_err.o \
-       adb_err.o \
        chpass_util_strings.o \
        ovsec_glue.o \
        misc_free.o \
@@ -54,18 +48,16 @@ STLIBOBJS = \
        logger.o
 
 HDRDIR=$(BUILDTOP)/include/kadm5
-HDRS = $(HDRDIR)/adb.h \
-       $(HDRDIR)/admin.h \
+HDRS = $(HDRDIR)/admin.h \
        $(HDRDIR)/admin_internal.h \
        $(HDRDIR)/admin_xdr.h \
        $(HDRDIR)/kadm_rpc.h \
        $(HDRDIR)/server_internal.h \
-       $(HDRDIR)/adb_err.h \
        $(HDRDIR)/chpass_util_strings.h \
        $(HDRDIR)/kadm_err.h
 
-BUILD_HDRS = adb_err.h chpass_util_strings.h kadm_err.h
-SRC_HDRS = adb.h admin.h admin_internal.h admin_xdr.h kadm_rpc.h \
+BUILD_HDRS = chpass_util_strings.h kadm_err.h
+SRC_HDRS = admin.h admin_internal.h admin_xdr.h kadm_rpc.h \
                server_internal.h 
 
 $(HDRS): includes
@@ -112,8 +104,6 @@ clean-windows::
 #
 kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \
   kadm_err.c $(COM_ERR_DEPS)
-adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): adb_err.c \
-  $(COM_ERR_DEPS)
 chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \
   chpass_util_strings.c $(COM_ERR_DEPS)
 ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \
@@ -130,7 +120,7 @@ ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \
   misc_free.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -145,9 +135,8 @@ misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  server_internal.h $(SRCTOP)/include/krb5/kdb.h admin_internal.h \
-  adb.h $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h server_internal.h \
+  $(SRCTOP)/include/krb5/kdb.h admin_internal.h
 kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \
   kadm_rpc_xdr.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -162,9 +151,10 @@ kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h
 chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \
   chpass_util.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -179,8 +169,7 @@ chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  admin_internal.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h admin_internal.h
 alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \
   alt_prof.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
@@ -196,8 +185,7 @@ alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(SRCTOP)/include/krb5/adm_proto.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h
 str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
   str_conv.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
@@ -213,8 +201,8 @@ str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(SRCTOP)/include/krb5/adm_proto.h
 logger.so logger.po $(OUTPRE)logger.$(OBJEXT): logger.c \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
index 4051601ecaa7ff0c7de6c77c304462a79958036c..a70e90b4eb050dc79bf75cdf24f939abde316e47 100644 (file)
@@ -43,7 +43,6 @@
 #include       <k5-int.h>
 #include       <com_err.h>
 #include       <kadm5/kadm_err.h>
-#include       <kadm5/adb_err.h>
 #include       <kadm5/chpass_util_strings.h>
 
 #define KADM5_ADMIN_SERVICE    "kadmin/admin"
@@ -204,11 +203,6 @@ typedef struct _kadm5_policy_ent_t {
        long            policy_refcnt;
 } kadm5_policy_ent_rec, *kadm5_policy_ent_t;
 
-typedef struct __krb5_key_salt_tuple {
-     krb5_enctype      ks_enctype;
-     krb5_int32                ks_salttype;
-} krb5_key_salt_tuple;
-
 /*
  * Data structure returned by kadm5_get_config_params()
  */
@@ -304,6 +298,7 @@ kadm5_ret_t    kadm5_init(char *client_name, char *pass,
 #endif
                          krb5_ui_4 struct_version,
                          krb5_ui_4 api_version,
+                         char **db_args,
                          void **server_handle);
 kadm5_ret_t    kadm5_init_with_password(char *client_name,
                                        char *pass, 
@@ -315,6 +310,7 @@ kadm5_ret_t    kadm5_init_with_password(char *client_name,
 #endif
                                        krb5_ui_4 struct_version,
                                        krb5_ui_4 api_version,
+                                       char **db_args,
                                        void **server_handle);
 kadm5_ret_t    kadm5_init_with_skey(char *client_name,
                                    char *keytab,
@@ -326,6 +322,7 @@ kadm5_ret_t    kadm5_init_with_skey(char *client_name,
 #endif
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
+                                   char **db_args,
                                    void **server_handle);
 #if USE_KADM5_API_VERSION > 1
 kadm5_ret_t    kadm5_init_with_creds(char *client_name,
@@ -334,6 +331,7 @@ kadm5_ret_t    kadm5_init_with_creds(char *client_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
+                                    char **db_args,
                                     void **server_handle);
 #endif
 kadm5_ret_t    kadm5_lock(void *server_handle);
@@ -594,6 +592,7 @@ ovsec_kadm_ret_t    ovsec_kadm_init(char *client_name, char *pass,
                                    char *service_name, char *realm,
                                    krb5_ui_4 struct_version,
                                    krb5_ui_4 api_version,
+                                   char **db_args,
                                    void **server_handle);
 ovsec_kadm_ret_t    ovsec_kadm_init_with_password(char *client_name,
                                                  char *pass, 
@@ -601,6 +600,7 @@ ovsec_kadm_ret_t    ovsec_kadm_init_with_password(char *client_name,
                                                  char *realm, 
                                                  krb5_ui_4 struct_version,
                                                  krb5_ui_4 api_version,
+                                                 char ** db_args,
                                                  void **server_handle);
 ovsec_kadm_ret_t    ovsec_kadm_init_with_skey(char *client_name,
                                              char *keytab,
@@ -608,6 +608,7 @@ ovsec_kadm_ret_t    ovsec_kadm_init_with_skey(char *client_name,
                                              char *realm,
                                              krb5_ui_4 struct_version,
                                              krb5_ui_4 api_version,
+                                             char **db_args,
                                              void **server_handle);
 ovsec_kadm_ret_t    ovsec_kadm_flush(void *server_handle);
 ovsec_kadm_ret_t    ovsec_kadm_destroy(void *server_handle);
index 305502541d407498005b591ce28644fd1682145c..05d1a7ea611ef31e0ad72199c3cf1daaf0de4d7a 100644 (file)
@@ -7,6 +7,7 @@
 
 #include    <kadm5/admin.h>
 #include    "kadm_rpc.h"
+#include    "server_internal.h"
 
 bool_t      xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp);
 bool_t     xdr_nullstring(XDR *xdrs, char **objp);
@@ -59,3 +60,5 @@ bool_t            xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp);
 bool_t     xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp);
 bool_t      xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp);
 bool_t     xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp);
+bool_t      xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp);
+bool_t      xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp);
index fc2dfca2e3ed87c1d64a93abfe87184343aa18fe..a296c1e7d38ec32ea79e62f79fd046a3c5a35eda 100644 (file)
@@ -1,3 +1,14 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * client_init.c:
+       * client_principal.c:
+       * clnt_policy.c:
+       * clnt_privs.c:
+       * err_handle.c:
+       * err_handle.h:
+
 2005-02-11  Tom Yu  <tlyu@mit.edu>
 
        * client_init.c (kadm5_get_init_creds, kadm5_gic_iter) 
index f4ed9db748861743b9380347291699e1e36f54aa..449d75378241b5567d23ec956d8e8c98272ed4f0 100644 (file)
@@ -27,6 +27,7 @@ SRCS =        $(srcdir)/clnt_policy.c \
        $(srcdir)/client_principal.c \
        $(srcdir)/client_init.c \
        $(srcdir)/clnt_privs.c \
+       $(srcdir)/err_handle.c \
        $(srcdir)/clnt_chpass_util.c
 
 OBJS = \
@@ -35,6 +36,7 @@ OBJS =        \
        client_principal.$(OBJEXT) \
        client_init.$(OBJEXT) \
        clnt_privs.$(OBJEXT) \
+       err_handle.$(OBJEXT) \
        clnt_chpass_util.$(OBJEXT)
 
 STLIBOBJS = \
@@ -43,8 +45,11 @@ STLIBOBJS = \
        client_principal.o \
        client_init.o \
        clnt_privs.o \
+       err_handle.o \
        clnt_chpass_util.o
 
+err_handle.o : err_handle.h err_handle.c
+
 all-unix:: includes
 all-unix:: all-liblinks
 all-windows:: $(OBJS)
@@ -91,9 +96,9 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  err_handle.h
 client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \
   client_rpc.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -108,8 +113,7 @@ client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
 client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \
   client_principal.c $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -124,9 +128,9 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h err_handle.h
 client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
   client_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/krb5.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
@@ -141,10 +145,10 @@ client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
   $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth_gssapi.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
+  $(BUILDTOP)/include/gssrpc/auth_gssapi.h
 clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \
   clnt_privs.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \
@@ -159,9 +163,17 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  err_handle.h
+err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \
+  err_handle.c err_handle.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
 clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \
   clnt_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -176,6 +188,5 @@ clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
index f1031548f14604b3ac76c4654675ce192efa766d..cf5638e467e07d531a59a28ec8b0cadd73bffbc1 100644 (file)
@@ -65,6 +65,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
                                   kadm5_config_params *params,
                                   krb5_ui_4 struct_version,
                                   krb5_ui_4 api_version,
+                                  char **db_args,
                                   void **server_handle);
 
 static kadm5_ret_t
@@ -99,11 +100,12 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
+                                 char **db_args,
                                  void **server_handle)
 {
      return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache,
                            service_name, params,
-                           struct_version, api_version,
+                           struct_version, api_version, db_args,
                            server_handle);
 }
 
@@ -113,11 +115,12 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
+                                    char **db_args,
                                     void **server_handle)
 {
      return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
                            service_name, params, struct_version,
-                           api_version, server_handle);
+                           api_version, db_args, server_handle);
 }
 
 kadm5_ret_t kadm5_init(char *client_name, char *pass,
@@ -125,11 +128,12 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       kadm5_config_params *params,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
+                      char **db_args,
                       void **server_handle)
 {
      return _kadm5_init_any(client_name, INIT_PASS, pass, NULL,
                            service_name, params, struct_version,
-                           api_version, server_handle);
+                           api_version, db_args, server_handle);
 }
 
 kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
@@ -137,11 +141,12 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
+                                char **db_args,
                                 void **server_handle)
 {
      return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL,
                            service_name, params, struct_version,
-                           api_version, server_handle);
+                           api_version, db_args, server_handle);
 }
 
 static kadm5_ret_t _kadm5_init_any(char *client_name,
@@ -152,6 +157,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
                                   kadm5_config_params *params_in,
                                   krb5_ui_4 struct_version,
                                   krb5_ui_4 api_version,
+                                  char **db_args,
                                   void **server_handle)
 {
      struct sockaddr_in addr;
@@ -168,7 +174,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name,
      generic_ret *r;
 
      initialize_ovk_error_table();
-     initialize_adb_error_table();
+/*      initialize_adb_error_table(); */
      initialize_ovku_error_table();
      
      if (! server_handle) {
index 972a7b3219e411a828ad7be5618a901146997d58..eb224832529e4ec33903a7756dfc6dbd418b1c0c 100644 (file)
@@ -15,6 +15,7 @@ static char *rcsid = "$Header$";
 #include    <memory.h>
 #endif
 #include    "client_internal.h"
+#include    "err_handle.h"
 
 #ifdef DEBUG
 #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0)
@@ -254,6 +255,11 @@ kadm5_get_principal(void *server_handle,
              memcpy(ent, &r->rec, sizeof(r->rec));
     }
     
+
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -282,6 +288,10 @@ kadm5_get_principals(void *server_handle,
         *princs = NULL;
     }
     
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -483,6 +493,11 @@ kadm5_randkey_principal_3(void *server_handle,
          }
     }
 
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
+
     return r->code;
 }
 
@@ -531,6 +546,11 @@ kadm5_randkey_principal(void *server_handle,
          }
     }
 
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
+
     return r->code;
 }
 
index 182b2d9e721dea339003640e05d44a01f7f559c5..55bef4af76ece9ca9caa15349390c198acc78a6a 100644 (file)
@@ -14,6 +14,7 @@ static char *rcsid = "$Header$";
 #include    "client_internal.h"
 #include       <stdlib.h>
 #include       <string.h>
+#include    "err_handle.h"
 
 kadm5_ret_t
 kadm5_create_policy(void *server_handle,
@@ -34,6 +35,11 @@ kadm5_create_policy(void *server_handle,
     r = create_policy_1(&arg, handle->clnt);
     if(r == NULL)
        return KADM5_RPC_ERROR;    
+
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -55,6 +61,11 @@ kadm5_delete_policy(void *server_handle, char *name)
     r = delete_policy_1(&arg, handle->clnt);
     if(r == NULL)
        return KADM5_RPC_ERROR;    
+
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -78,6 +89,11 @@ kadm5_modify_policy(void *server_handle,
     r = modify_policy_1(&arg, handle->clnt);
     if(r == NULL)
        return KADM5_RPC_ERROR;    
+
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -116,6 +132,10 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent)
              memcpy(ent, &r->rec, sizeof(r->rec));
     }
         
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
 
@@ -144,5 +164,9 @@ kadm5_get_policies(void *server_handle,
         *pols = NULL;
     }
     
+    if(r->code)
+    {
+       krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+    }
     return r->code;
 }
index 0452f72e023ff3b1b35c421a9f7426b670ba0be9..497feea5d48b899826f4f8723c3f33db12bd29e9 100644 (file)
@@ -5,6 +5,15 @@
  * $Source$
  * 
  * $Log$
+ * Revision 1.3  2005/06/21 01:35:56  raeburn
+ * Novell Database Abstraction Layer merge.
+ * Will probably break things.
+ *
+ * Revision 1.2.26.1  2005/06/17 21:11:24  raeburn
+ * Initial checkin of Novell Database Abstraction Layer changes.
+ * Patches applied to 1.4.1 release code, updated to trunk, makefile dependencies
+ * deleted when they caused cvs merge conflicts.
+ *
  * Revision 1.2  1998/02/14 02:32:58  tlyu
  *     * client_init.c:
  *     * client_principal.c:
@@ -65,6 +74,7 @@ static char *rcsid = "$Header$";
 #include    <kadm5/admin.h>
 #include    <kadm5/kadm_rpc.h>
 #include    "client_internal.h"
+#include    "err_handle.h"
 
 kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
 {
@@ -76,5 +86,10 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs)
          return KADM5_RPC_ERROR;
      else if (r->code == KADM5_OK)
          *privs = r->privs;
+
+     if(r->code)
+     {
+        krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str );
+     }
      return r->code;
 }
diff --git a/src/lib/kadm5/clnt/err_handle.c b/src/lib/kadm5/clnt/err_handle.c
new file mode 100644 (file)
index 0000000..997544d
--- /dev/null
@@ -0,0 +1,185 @@
+/**********************************************************************
+*
+*      C %name:                err_handle.c %
+*      Instance:               idc_sec_1
+*      Description:    
+*      %created_by:    spradeep %
+*      %date_created:  Thu Apr  7 15:36:27 2005 %
+*
+**********************************************************************/
+#ifndef lint
+static char *_csrc = "@(#) %filespec: err_handle.c~1 %  (%full_filespec: err_handle.c~1:csrc:idc_sec#2 %)";
+#endif
+
+/* this file should be ideally be in util/et. But, for now thread safety requirement stops me from putting there. 
+ if I do, then all the applications have to link to pthread */
+
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+#include "err_handle.h"
+#include <assert.h>
+
+#ifdef NOVELL
+krb5_errcode_2_string_func old_error_2_string = NULL;
+#endif
+
+typedef struct {
+    char krb5_err_str[KRB5_MAX_ERR_STR + 1];
+    long err_code;
+    krb5_err_subsystem subsystem;
+    krb5_context kcontext;
+} krb5_err_struct_t;
+
+#ifdef HAVE_PTHREAD_H
+static void tsd_key_destructor(void *data)
+{
+    free(data);
+}
+
+static pthread_key_t krb5_err_key;
+
+static void init_err_handling( void )
+{
+    assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor));
+#ifdef NOVELL
+    old_error_2_string = error_message;
+    error_message = krb5_get_err_string;
+#endif
+}
+
+static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT;
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str )
+{
+    int ret;
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct == NULL )
+    {
+       err_struct = calloc(sizeof(krb5_err_struct_t), 1);
+       if( err_struct == NULL )
+           return ENOMEM;
+
+       if((ret = pthread_setspecific(krb5_err_key, err_struct)))
+       {
+           free( err_struct );
+           return ret;
+       }
+    }
+
+    err_struct->subsystem = subsystem;
+    err_struct->err_code  = err_code;
+    err_struct->kcontext  = kcontext;
+    if( err_struct->subsystem == krb5_err_have_str )
+    {
+       strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) );
+       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
+    }
+
+    return 0;
+}
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code)
+{
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct && (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) )
+    {
+       /* checking error code is for safety. 
+          In case, the caller ignores a database error and calls other calls before doing com_err. 
+          Though not perfect, caller should call krb5_clr_error before this*/
+       err_struct->subsystem = krb5_err_unknown;
+       return err_struct->krb5_err_str;
+    }
+
+    /* Error strings are not generated here. the remaining two cases are handled by the default error string convertor */
+#ifdef NOVELL
+    return old_error_2_string(err_code);
+#else
+    return error_message(err_code);
+#endif
+}
+
+void krb5_clr_error()
+{
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct )
+       err_struct->subsystem = krb5_err_unknown;
+}
+
+#else
+krb5_err_struct_t krb5_err = {{0}, 0, 0, 0};
+krb5_boolean krb5_init_once = TRUE;
+
+static void init_err_handling( void )
+{
+    if( krb5_init_once )
+    {
+#ifdef NOVELL
+       old_error_2_string = error_message;
+       error_message = krb5_get_err_string;
+#endif
+       krb5_init_once = FALSE;
+    }
+}
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str )
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    err_struct->subsystem = subsystem;
+    err_struct->err_code  = err_code;
+    err_struct->kcontext  = kcontext;
+    if( err_struct->subsystem == krb5_err_have_str )
+    {
+       strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) );
+       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
+    }
+
+    return 0;
+}
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code)
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    if( (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) )
+    {
+       /* checking error code is for safety. 
+          In case, the caller ignores a database error and calls other calls before doing com_err. 
+          Though not perfect, caller should call krb5_clr_error before this*/
+       err_struct->subsystem = krb5_err_unknown;
+       return err_struct->krb5_err_str;
+    }
+
+    /* it is not generated here. the remaining two cases are handled by the default error string convertor */
+#ifdef NOVELL
+    return old_error_2_string(err_code);
+#else
+    return error_message(err_code);
+#endif
+}
+
+void krb5_clr_error()
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    err_struct->subsystem = krb5_err_unknown;
+}
+
+
+#endif
diff --git a/src/lib/kadm5/clnt/err_handle.h b/src/lib/kadm5/clnt/err_handle.h
new file mode 100644 (file)
index 0000000..76b6ee4
--- /dev/null
@@ -0,0 +1,32 @@
+/**********************************************************************
+*
+*      C Header:               err_handle.h
+*      Instance:               idc_sec_1
+*      Description:    
+*      %created_by:    spradeep %
+*      %date_created:  Thu Apr  7 15:36:49 2005 %
+*
+**********************************************************************/
+#ifndef _idc_sec_1_err_handle_h_H
+#define _idc_sec_1_err_handle_h_H
+#include <k5-int.h>
+
+/* Everything else goes here */
+
+#define KRB5_MAX_ERR_STR 1024
+typedef enum krb5_err_subsystem { krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */
+                                 krb5_err_system,    /* error in system call */
+                                 krb5_err_krblib,    /* error in kerberos library call, should lookup in the error table */
+                                 krb5_err_have_str,  /* error message is available in the string */
+                                 krb5_err_db         /* error is a database error, should be handled by calling DB */
+} krb5_err_subsystem;
+
+typedef krb5_error_code (*krb5_set_err_func_t)( krb5_context, krb5_err_subsystem, long, char*);
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str );
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code);
+
+void krb5_clr_error(void);
+
+#endif
index c7b48b3694f56eaaaac11b67fc5ca4fd18aa6978..da18a74eb5f6894c373fd049aaf4d8df7e5064c9 100644 (file)
@@ -59,4 +59,5 @@ error_code KADM5_SETKEY_DUP_ENCTYPES, "Multiple values for single or folded enct
 error_code KADM5_SETV4KEY_INVAL_ENCTYPE, "Invalid enctype for setv4key"
 error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3"
 error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client"
+error_code KADM5_XDR_FAILURE,          "XDR encoding error"
 end
index d546c9472b7d72d4de5286836904d0dbd0dd155e..df776436180209fc2f3077e8a9f63ec8dbd05f51 100644 (file)
@@ -29,6 +29,7 @@ bool_t xdr_cprinc3_arg();
 struct generic_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
+        char *err_str;
 };
 typedef struct generic_ret generic_ret;
 bool_t xdr_generic_ret();
@@ -68,6 +69,7 @@ struct gprincs_ret {
        kadm5_ret_t code;
        char **princs;
        int count;
+        char *err_str;
 };
 typedef struct gprincs_ret gprincs_ret;
 bool_t xdr_gprincs_ret();
@@ -143,6 +145,7 @@ struct chrand_ret {
        krb5_keyblock key;
        krb5_keyblock *keys;
        int n_keys;
+        char *err_str;
 };
 typedef struct chrand_ret chrand_ret;
 bool_t xdr_chrand_ret();
@@ -159,6 +162,7 @@ struct gprinc_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        kadm5_principal_ent_rec rec;
+        char *err_str;
 };
 typedef struct gprinc_ret gprinc_ret;
 bool_t xdr_gprinc_ret();
@@ -206,6 +210,7 @@ struct gpol_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        kadm5_policy_ent_rec rec;
+        char *err_str;
 };
 typedef struct gpol_ret gpol_ret;
 bool_t xdr_gpol_ret();
@@ -222,6 +227,7 @@ struct gpols_ret {
        kadm5_ret_t code;
        char **pols;
        int count;
+        char *err_str;
 };
 typedef struct gpols_ret gpols_ret;
 bool_t xdr_gpols_ret();
@@ -230,6 +236,7 @@ struct getprivs_ret {
        krb5_ui_4 api_version;
        kadm5_ret_t code;
        long privs;
+        char *err_str;
 };
 typedef struct getprivs_ret getprivs_ret;
 bool_t xdr_getprivs_ret();
index f5a34e925b997006f6cf5f5d3f2097e850234945..f7090bdcf7d825bb931ce93ed2e135632045b84c 100644 (file)
@@ -544,6 +544,19 @@ xdr_generic_ret(XDR *xdrs, generic_ret *objp)
        if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
                return (FALSE);
        }
+
+       if( xdrs->x_op == XDR_ENCODE )
+       {
+           char *tmp_str = "Unknown error code";
+           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       } else {
+           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       }
+
        return(TRUE);
 }
 
@@ -626,6 +639,19 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp)
               return (FALSE);
          }
      }
+
+     if( xdrs->x_op == XDR_ENCODE )
+     {
+        char *tmp_str = "Unknown error code";
+        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     } else {
+        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     }
+
      return (TRUE);
 }
 
@@ -785,7 +811,19 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
                       return FALSE;
             }
        }
-       
+
+       if( xdrs->x_op == XDR_ENCODE )
+       {
+           char *tmp_str = "Unknown error code";
+           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       } else {
+           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       }
+
        return (TRUE);
 }
 
@@ -826,6 +864,19 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
                  }
             }
        }
+
+       if( xdrs->x_op == XDR_ENCODE )
+       {
+           char *tmp_str = "Unknown error code";
+           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       } else {
+           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       }
+
        return (TRUE);
 }
 
@@ -896,6 +947,19 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
            if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec))
                return (FALSE);
        }
+
+       if( xdrs->x_op == XDR_ENCODE )
+       {
+           char *tmp_str = "Unknown error code";
+           if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       } else {
+           if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+               return (FALSE);
+           }
+       }
+
        return (TRUE);
 }
 
@@ -930,6 +994,19 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp)
               return (FALSE);
          }
      }
+
+     if( xdrs->x_op == XDR_ENCODE )
+     {
+        char *tmp_str = "Unknown error code";
+        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     } else {
+        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     }
+
      return (TRUE);
 }
 
@@ -941,6 +1018,19 @@ bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp)
      if (! xdr_kadm5_ret_t(xdrs, &objp->code) ||
         ! xdr_long(xdrs, &objp->privs))
          return FALSE;
+
+     if( xdrs->x_op == XDR_ENCODE )
+     {
+        char *tmp_str = "Unknown error code";
+        if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     } else {
+        if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) {
+            return (FALSE);
+        }
+     }
+
      return TRUE;
 }
 
index ce818934f27d86531e3065761c745901047348b7..750aa3f8121b720ec3a22701b44096953ee7e8a4 100644 (file)
@@ -6,10 +6,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass,
                                               char *realm,
                                               krb5_ui_4 struct_version,
                                               krb5_ui_4 api_version,
+                                              char **db_args,
                                               void **server_handle)
 {
      return kadm5_init_with_password(client_name, pass, service_name,
-                                    realm, struct_version, api_version, 
+                                    realm, struct_version, api_version, db_args,
                                     server_handle);
 }
 
@@ -18,10 +19,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab,
                                           char *realm,
                                           krb5_ui_4 struct_version,
                                           krb5_ui_4 api_version,
+                                          char **db_args,
                                           void **server_handle)
 {
      return kadm5_init_with_skey(client_name, keytab, service_name, realm,
-                                struct_version, api_version,
+                                struct_version, api_version, db_args,
                                 server_handle);
 }
 
@@ -30,10 +32,11 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *from_stash,
                                 char *realm,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
+                                char **db_args,
                                 void **server_handle)
 {
      return kadm5_init(client_name, from_stash, service_name,
-                      realm, struct_version, api_version,
+                      realm, struct_version, api_version, db_args,
                       server_handle);
 }
 
index 7792d0a49b4e53f9826d4ccc9ef1fab4fcf2a6e2..33d6593ac0b3dbc9f0d4bfb597c6daeb7aede0bf 100644 (file)
@@ -21,7 +21,6 @@
 #include    <krb5/kdb.h>
 #include    <kadm5/admin.h>
 #include    "admin_internal.h"
-#include    "adb.h"
 
 typedef struct _kadm5_server_handle_t {
        krb5_ui_4       magic_number;
@@ -31,9 +30,26 @@ typedef struct _kadm5_server_handle_t {
        krb5_principal  current_caller;
        kadm5_config_params  params;
        struct _kadm5_server_handle_t *lhandle;
-       osa_adb_policy_t policy_db;
+        char **db_args;
 } kadm5_server_handle_rec, *kadm5_server_handle_t;
 
+#define OSA_ADB_PRINC_VERSION_1  0x12345C01
+
+typedef struct _osa_pw_hist_t {
+  int n_key_data;
+  krb5_key_data *key_data;
+} osa_pw_hist_ent, *osa_pw_hist_t;
+                                                                                                                     typedef struct _osa_princ_ent_t {
+  int                         version;
+  char                        *policy;
+  long                        aux_attributes;
+  unsigned int                old_key_len;
+  unsigned int                old_key_next;
+  krb5_kvno                   admin_history_kvno;
+  osa_pw_hist_ent             *old_keys;
+} osa_princ_ent_rec, *osa_princ_ent_t;
+
+
 kadm5_ret_t    adb_policy_init(kadm5_server_handle_t handle);
 kadm5_ret_t    adb_policy_close(kadm5_server_handle_t handle);
 kadm5_ret_t    passwd_check(kadm5_server_handle_t handle,
@@ -55,6 +71,7 @@ krb5_error_code     kdb_put_entry(kadm5_server_handle_t handle,
 krb5_error_code     kdb_delete_entry(kadm5_server_handle_t handle,
                                     krb5_principal name);
 krb5_error_code     kdb_iter_entry(kadm5_server_handle_t handle,
+                                  char *match_entry,
                                   void (*iter_fct)(void *, krb5_principal), 
                                   void *data);
 
@@ -115,4 +132,9 @@ extern      krb5_principal  current_caller;
                          KADM5_NEW_SERVER_API_VERSION) \
      SERVER_CHECK_HANDLE(handle)
 
+bool_t          xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp);
+
+void
+osa_free_princ_ent(osa_princ_ent_t val);
+
 #endif /* __KADM5_SERVER_INTERNAL_H__ */
index eeba8685c97686749cb033660b404e27cb6dcc0f..c885bc65d9d531ab2acc58b4a74b6b74a10538e5 100644 (file)
@@ -1,3 +1,18 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * adb_free.c:
+       * adb_openclose.c:
+       * adb_policy.c:
+       * adb_xdr.c:
+       * server_init.c:
+       * server_kdb.c:
+       * server_misc.c:
+       * svr_iters.c:
+       * svr_policy.c:
+       * svr_principal.c:
+
 2004-12-20  Tom Yu  <tlyu@mit.edu>
 
        * svr_principal.c (add_to_history): Rewrite somewhat, using
index 66de263ce8d53864b5d1bde7e019c69b26e6df1a..6a159ffcb6c2f23a302419cad50da2da3e81a365 100644 (file)
@@ -35,10 +35,7 @@ SRCS =       $(srcdir)/svr_policy.c \
        $(srcdir)/server_dict.c \
        $(srcdir)/svr_iters.c \
        $(srcdir)/svr_chpass_util.c \
-       $(srcdir)/adb_xdr.c \
-       $(srcdir)/adb_policy.c \
-       $(srcdir)/adb_free.c \
-       $(srcdir)/adb_openclose.c
+       $(srcdir)/adb_xdr.c 
 
 OBJS = svr_policy.$(OBJEXT) \
        svr_principal.$(OBJEXT) \
@@ -49,10 +46,7 @@ OBJS =       svr_policy.$(OBJEXT) \
        server_dict.$(OBJEXT) \
        svr_iters.$(OBJEXT) \
        svr_chpass_util.$(OBJEXT) \
-       adb_xdr.$(OBJEXT) \
-       adb_policy.$(OBJEXT) \
-       adb_free.$(OBJEXT) \
-       adb_openclose.$(OBJEXT)
+       adb_xdr.$(OBJEXT) 
 
 STLIBOBJS = \
        svr_policy.o \
@@ -64,10 +58,7 @@ STLIBOBJS = \
        server_dict.o \
        svr_iters.o \
        svr_chpass_util.o \
-       adb_xdr.o \
-       adb_policy.o \
-       adb_free.o \
-       adb_openclose.o
+       adb_xdr.o
 
 all-unix:: includes
 all-unix:: all-liblinks
@@ -115,10 +106,8 @@ svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h
 svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \
   svr_principal.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -133,10 +122,8 @@ svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h
 server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \
   server_acl.c $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(SRCTOP)/include/k5-int.h \
@@ -154,9 +141,8 @@ server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(SRCTOP)/include/krb5/adm_proto.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(SRCTOP)/include/krb5/adm_proto.h \
   server_acl.h
 server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \
   server_kdb.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
@@ -173,10 +159,8 @@ server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
   $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h
 server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \
   server_misc.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
@@ -184,18 +168,17 @@ server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/k5-int.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/admin.h \
+  $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \
   $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \
   $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \
   $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \
   $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h
 server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \
   server_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -210,10 +193,9 @@ server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h
 server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \
   server_dict.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -228,11 +210,9 @@ server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \
-  $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \
-  $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \
+  $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h
 svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \
   svr_iters.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -247,10 +227,8 @@ svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h
 svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \
   svr_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -265,10 +243,9 @@ svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \
   $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \
-  $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS)
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h
 adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
@@ -276,65 +253,14 @@ adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \
   $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
   $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/adb.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/server_internal.h \
   $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
   $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
   $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \
-  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
-  $(BUILDTOP)/include/kadm5/kadm_rpc.h
-adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \
-  adb_policy.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
-adb_free.so adb_free.po $(OUTPRE)adb_free.$(OBJEXT): \
-  adb_free.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
-adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \
-  adb_openclose.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \
-  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
-  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \
-  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
-  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
-  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
-  $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h
+  $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
+  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
+  $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h
diff --git a/src/lib/kadm5/srv/adb_free.c b/src/lib/kadm5/srv/adb_free.c
deleted file mode 100644 (file)
index cfc107d..0000000
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
- *
- * $Header$
- * 
- * $Log$
- * Revision 1.3  2000/06/01 02:02:03  tritan
- * Check for existance of <memory.h>.
- * (from Nathan Neulinger <nneul@umr.edu>)
- *
- * Revision 1.2  1996/10/18 19:45:49  bjaspan
- *     * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c:
- *     include stdlib.h instead of malloc.h [krb5-admin/35]
- *
- * Revision 1.1  1996/07/24 22:23:09  tlyu
- *     * Makefile.in, configure.in: break out server lib into a
- *             subdirectory
- *
- * Revision 1.8  1996/07/22 20:35:16  marc
- * this commit includes all the changes on the OV_9510_INTEGRATION and
- * OV_MERGE branches.  This includes, but is not limited to, the new openvision
- * admin system, and major changes to gssapi to add functionality, and bring
- * the implementation in line with rfc1964.  before committing, the
- * code was built and tested for netbsd and solaris.
- *
- * Revision 1.7.4.1  1996/07/18 03:08:07  marc
- * merged in changes from OV_9510_BP to OV_9510_FINAL1
- *
- * Revision 1.7.2.1  1996/06/20  02:16:25  marc
- * File added to the repository on a branch
- *
- * Revision 1.7  1996/05/12  06:21:57  marc
- * don't use <absolute paths> for "internal header files"
- *
- * Revision 1.6  1993/12/13  21:15:56  shanzer
- * fixed memory leak
- * .,
- *
- * Revision 1.5  1993/12/06  22:20:37  marc
- * fixup free functions to use xdr to free the underlying struct
- *
- * Revision 1.4  1993/11/15  00:29:46  shanzer
- * check to make sure pointers are somewhat vaid before freeing.
- *
- * Revision 1.3  1993/11/09  04:02:24  shanzer
- * added some includefiles
- * changed bzero to memset
- *
- * Revision 1.2  1993/11/04  01:54:24  shanzer
- * added rcs header ..
- *
- */
-
-#if !defined(lint) && !defined(__CODECENTER__)
-static char *rcsid = "$Header$";
-#endif
-
-#include       "adb.h"
-#ifdef HAVE_MEMORY_H
-#include       <memory.h>
-#endif
-#include       <stdlib.h>
-
-void
-osa_free_princ_ent(osa_princ_ent_t val)
-{
-    XDR xdrs;
-
-    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-
-    xdr_osa_princ_ent_rec(&xdrs, val);
-    free(val);
-}
-
-void
-osa_free_policy_ent(osa_policy_ent_t val)
-{
-    XDR xdrs;
-
-    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
-
-    xdr_osa_policy_ent_rec(&xdrs, val);
-    free(val);
-}
-
index 757cf92e507e9b031d839a2592b540c4cc28a41d..d5d17062a8674b1a10cfedde035c1ebb30aeba24 100644 (file)
@@ -11,7 +11,7 @@ static char *rcsid = "$Header$";
 #include <sys/types.h>
 #include <krb5.h>
 #include <gssrpc/rpc.h>
-#include "adb.h"
+#include       "server_internal.h"
 #include "admin_xdr.h"
 #ifdef HAVE_MEMORY_H
 #include <memory.h>
@@ -97,38 +97,14 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp)
     return (TRUE);
 }
 
-bool_t
-xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
+void
+osa_free_princ_ent(osa_princ_ent_t val)
 {
-    switch (xdrs->x_op) {
-    case XDR_ENCODE:
-        objp->version = OSA_ADB_POLICY_VERSION_1;
-        /* fall through */
-    case XDR_FREE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        break;
-    case XDR_DECODE:
-        if (!xdr_int(xdrs, &objp->version))
-             return FALSE;
-        if (objp->version != OSA_ADB_POLICY_VERSION_1)
-             return FALSE;
-        break;
-    }
-    
-    if(!xdr_nullstring(xdrs, &objp->name))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_life))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_max_life))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_length))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_min_classes))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->pw_history_num))
-       return (FALSE);
-    if (!xdr_u_int32(xdrs, &objp->policy_refcnt))
-       return (FALSE);
-    return (TRUE);
+    XDR xdrs;
+                                                                                                                            
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+                                                                                                                            
+    xdr_osa_princ_ent_rec(&xdrs, val);
+    free(val);
 }
+                                                                                                                            
index dc3526a72ff2fe993c6fc766ad4ad1e3067e93e2..a5369298ac1d955a84a7aa02a06717197f346a7b 100644 (file)
@@ -33,15 +33,70 @@ static int check_handle(void *handle)
      return 0;
 }
 
+static int dup_db_args( kadm5_server_handle_t handle, char **db_args )
+{
+    int count  = 0;
+    int ret = 0;
+
+    for( count=0; db_args && db_args[count]; count++ );
+    if( count == 0 )
+    {
+       handle->db_args = NULL;
+       goto clean_n_exit;
+    }
+
+    handle->db_args = calloc(sizeof(char*), count+1);
+    if( handle->db_args == NULL )
+    {
+       ret=ENOMEM;
+       goto clean_n_exit;
+    }
+
+    for(count=0; db_args[count]; count++)
+    {
+       handle->db_args[count] = strdup(db_args[count]);
+       if( handle->db_args[count] == NULL )
+       {
+           ret = ENOMEM;
+           goto clean_n_exit;
+       }
+    }
+
+ clean_n_exit:
+    if( ret && handle->db_args )
+    {
+       for(count=0; handle->db_args[count]; count++ )
+           free( handle->db_args[count] );
+
+       free(handle->db_args), handle->db_args = NULL;
+    }
+
+    return ret;
+}
+
+static void free_db_args(kadm5_server_handle_t handle)
+{
+    int count;
+
+    if( handle->db_args )
+    {
+       for(count=0; handle->db_args[count]; count++ )
+           free( handle->db_args[count] );
+       
+       free(handle->db_args), handle->db_args = NULL;
+    }
+}
+
 kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
+                                    char **db_args,
                                     void **server_handle)
 {
      return kadm5_init(client_name, pass, service_name, params,
-                      struct_version, api_version,
+                      struct_version, api_version, db_args,
                       server_handle);
 }
 
@@ -51,6 +106,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
+                                 char **db_args,
                                  void **server_handle)
 {
      /*
@@ -64,7 +120,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name,
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
      return kadm5_init(client_name, NULL, service_name, params,
-                      struct_version, api_version,
+                      struct_version, api_version, db_args,
                       server_handle);
 }
 
@@ -74,6 +130,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
+                                char **db_args,
                                 void **server_handle)
 {
      /*
@@ -87,7 +144,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
         params->mkey_from_kbd)
          return KADM5_BAD_SERVER_PARAMS;
      return kadm5_init(client_name, NULL, service_name, params,
-                      struct_version, api_version,
+                      struct_version, api_version, db_args,
                       server_handle);
 }
 
@@ -96,6 +153,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       kadm5_config_params *params_in,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
+                      char **db_args,
                       void **server_handle)
 {
      int ret;
@@ -112,14 +170,22 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
         return ENOMEM;
     memset(handle, 0, sizeof(*handle));
 
+    ret = dup_db_args( handle, db_args );
+    if( ret )
+    {
+       free(handle);
+       return ret;
+    }
+
     ret = (int) krb5_init_context(&(handle->context));
     if (ret) {
+        free_db_args(handle);
         free(handle);
         return(ret);
     }
 
     initialize_ovk_error_table();
-    initialize_adb_error_table();
+/*     initialize_adb_error_table(); */
     initialize_ovku_error_table();
 
     handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
@@ -153,6 +219,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
 #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
      if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
          krb5_free_context(handle->context);
+         free_db_args(handle);
          free(handle);
          return KADM5_BAD_SERVER_PARAMS;
      }
@@ -162,6 +229,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                                       &handle->params);
      if (ret) {
          krb5_free_context(handle->context);
+         free_db_args(handle);
          free(handle);
          return(ret);
      }
@@ -176,24 +244,24 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
 
      if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
          krb5_free_context(handle->context);
+         free_db_args(handle);
          free(handle);
          return KADM5_MISSING_CONF_PARAMS;
      }
 
-     /*
-      * Set the db_name based on configuration before calling
-      * krb5_db_init, so it will get used.
-      */
-
-    ret = krb5_db_set_name(handle->context, handle->params.dbname);
-    if (ret) {
-        free(handle);
-        return(ret);
-    }
+     ret = krb5_set_default_realm(handle->context, handle->params.realm);
+     if( ret )
+     {
+         krb5_free_context(handle->context);
+         free_db_args(handle);
+         free(handle);
+         return ret;
+     }
 
-    ret = krb5_db_init(handle->context);
+    ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW);
     if (ret) {
         krb5_free_context(handle->context);
+        free_db_args(handle);
         free(handle);
         return(ret);
     }
@@ -202,6 +270,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
                               &handle->current_caller))) {
         krb5_db_fini(handle->context);
         krb5_free_context(handle->context);
+        free_db_args(handle);
         free(handle);
         return ret;
     }
@@ -209,6 +278,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     if (! (handle->lhandle = malloc(sizeof(*handle)))) {
         krb5_db_fini(handle->context);
         krb5_free_context(handle->context);
+        free_db_args(handle);
         free(handle);
         return ENOMEM;
     }
@@ -220,6 +290,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     /* can't check the handle until current_caller is set */
     ret = check_handle((void *) handle);
     if (ret) {
+       free_db_args(handle);
         free(handle);
        return ret;
     }
@@ -250,6 +321,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     if (ret) {
         krb5_db_fini(handle->context);
        krb5_free_context(handle->context);
+       free_db_args(handle);
        free(handle);
        return ret;
     }
@@ -258,6 +330,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
     if (ret) {
         krb5_db_fini(handle->context);
         krb5_free_context(handle->context);
+        free_db_args(handle);
         free(handle);
         return ret;
     }
@@ -267,20 +340,11 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass,
          krb5_db_fini(handle->context);
         krb5_free_principal(handle->context, handle->current_caller);
         krb5_free_context(handle->context);
+        free_db_args(handle);
         free(handle);
         return ret;
     }
     
-    ret = adb_policy_init(handle);
-    if (ret) {
-        krb5_db_fini(handle->context);
-        krb5_free_principal(handle->context, handle->current_caller);
-        krb5_free_context(handle->context);
-        free(handle);
-        return ret;
-    }
-    handle->lhandle->policy_db = handle->policy_db;
-
     *server_handle = (void *) handle;
     
     return KADM5_OK;
@@ -301,6 +365,7 @@ kadm5_ret_t kadm5_destroy(void *server_handle)
     krb5_free_context(handle->context);
     handle->magic_number = 0;
     free(handle->lhandle);
+    free_db_args(handle);
     free(handle);
  
     return KADM5_OK;
@@ -312,10 +377,7 @@ kadm5_ret_t kadm5_lock(void *server_handle)
     kadm5_ret_t ret;
 
     CHECK_HANDLE(server_handle);
-    ret = osa_adb_open_and_lock(handle->policy_db, OSA_ADB_EXCLUSIVE);
-    if (ret)
-       return ret;
-    ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE);
+    ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
     if (ret)
        return ret;
 
@@ -328,9 +390,6 @@ kadm5_ret_t kadm5_unlock(void *server_handle)
     kadm5_ret_t ret;
 
     CHECK_HANDLE(server_handle);
-    ret = osa_adb_close_and_unlock(handle->policy_db);
-    if (ret)
-       return ret;
     ret = krb5_db_unlock(handle->context);
     if (ret)
        return ret;
@@ -346,13 +405,7 @@ kadm5_ret_t kadm5_flush(void *server_handle)
      CHECK_HANDLE(server_handle);
 
      if ((ret = krb5_db_fini(handle->context)) ||
-        /*
-         * Set the db_name based on configuration before calling
-         * krb5_db_init, so it will get used.
-         */
-        (ret = krb5_db_set_name(handle->context,
-                                    handle->params.dbname)) ||
-        (ret = krb5_db_init(handle->context)) ||
+        (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) ||
         (ret = adb_policy_close(handle)) ||
         (ret = adb_policy_init(handle))) {
          (void) kadm5_destroy(server_handle);
index 97d38c7b6b5dae810e859b9ebd0e8b4cde9df554..6392ef10d7aca1ddff8345277fd7b8911e57fd74 100644 (file)
@@ -42,7 +42,7 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
     } else {
        realm = r;
     }
-           
+
     if ((ret = krb5_db_setup_mkey_name(handle->context,
                                       handle->params.mkey_name,
                                       realm, NULL, &master_princ)))
@@ -60,9 +60,6 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
     if (ret)
        goto done;
                                 
-    if ((ret = krb5_db_init(handle->context)) != KSUCCESS)
-       goto done;
-
     if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
                                         &master_keyblock))) {
          krb5_db_fini(handle->context);
@@ -264,7 +261,7 @@ kdb_get_entry(kadm5_server_handle_t handle,
        if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
           xdr_destroy(&xdrs);
           krb5_db_free_principal(handle->context, kdb, 1);
-          return(OSA_ADB_XDR_FAILURE);
+          return(KADM5_XDR_FAILURE);
        }
        xdr_destroy(&xdrs);
     }
@@ -346,7 +343,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
     xdralloc_create(&xdrs, XDR_ENCODE); 
     if(! xdr_osa_princ_ent_rec(&xdrs, adb)) {
        xdr_destroy(&xdrs);
-       return(OSA_ADB_XDR_FAILURE);
+       return(KADM5_XDR_FAILURE);
     }
     tl_data.tl_data_type = KRB5_TL_KADM_DATA;
     tl_data.tl_data_length = xdr_getpos(&xdrs);
@@ -395,7 +392,7 @@ kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb)
 }
 
 krb5_error_code
-kdb_iter_entry(kadm5_server_handle_t handle,
+kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry,
               void (*iter_fct)(void *, krb5_principal), void *data)
 {
     iter_data id;
@@ -404,11 +401,10 @@ kdb_iter_entry(kadm5_server_handle_t handle,
     id.func = iter_fct;
     id.data = data;
 
-    ret = krb5_db_iterate(handle->context, kdb_iter_func, &id);
+    ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id);
     if (ret)
        return(ret);
 
     return(0);
 }
 
-
index 02c7dced6961fbc6eb4982a42298e768e2088d23..4f15fd3b29be5ee4e2ddf1aa639f850fcf3b7b72 100644 (file)
@@ -11,7 +11,6 @@ static char *rcsid = "$Header$";
 #include    "k5-int.h"
 #include    <krb5/kdb.h>
 #include    <ctype.h>
-#include    "adb.h"
 #include    <pwd.h>
 
 /* for strcasecmp */
@@ -22,22 +21,17 @@ static char *rcsid = "$Header$";
 kadm5_ret_t
 adb_policy_init(kadm5_server_handle_t handle)
 {
-    osa_adb_ret_t   ret;
-    if(handle->policy_db == (osa_adb_policy_t) NULL)
-       if((ret = osa_adb_open_policy(&handle->policy_db,
-                                     &handle->params)) != OSA_ADB_OK)
-            return ret;
-    return KADM5_OK;
+    /* now policy is initialized as part of database. No seperate call needed */
+    if( krb5_db_inited( handle->context ) )
+       return KADM5_OK;
+
+    return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW );
 }
 
 kadm5_ret_t
 adb_policy_close(kadm5_server_handle_t handle)
 {
-    osa_adb_ret_t   ret;
-    if(handle->policy_db != (osa_adb_policy_t) NULL)
-       if((ret = osa_adb_close_policy(handle->policy_db)) != OSA_ADB_OK)
-           return ret;
-    handle->policy_db = NULL;
+    /* will be taken care by database close */
     return KADM5_OK;
 }
 
@@ -185,3 +179,4 @@ passwd_check(kadm5_server_handle_t handle,
     }
     return KADM5_OK;    
 }
+
index 8c04d78574ae6a071bb41e19745b30f2b68aa3c8..ea1ee27cc473d3bb84e4ea82b4646fc5e252f13f 100644 (file)
@@ -21,7 +21,6 @@ static char *rcsid = "$Header$";
 #include       <sys/types.h>
 #include       <string.h>
 #include       <kadm5/admin.h>
-#include       "adb.h"
 #ifdef SOLARIS_REGEXPS
 #include       <regexpr.h>
 #endif
@@ -230,18 +229,18 @@ static kadm5_ret_t kadm5_get_either(int princ,
 
      if (princ) {
          data.context = handle->context;
-         ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data);
+         ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data);
      } else {
-         ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data);
+         ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data);
      }
      
      free(regexp);
 #ifdef POSIX_REGEXPS
      regfree(&data.preg);
 #endif
-     if (ret == OSA_ADB_OK && data.malloc_failed)
+     if ( !ret && data.malloc_failed)
          ret = ENOMEM;
-     if (ret != OSA_ADB_OK) {
+     if ( ret ) {
          for (i = 0; i < data.n_names; i++)
               free(data.names[i]);
          free(data.names);
index d03cfd0b67910f8c0efdf0777170ef72841f779d..24398c1f4e10f6c0589be3fc0157d506e3bf7bcf 100644 (file)
@@ -10,7 +10,6 @@ static char *rcsid = "$Header$";
 
 #include       <sys/types.h>
 #include       <kadm5/admin.h>
-#include       "adb.h"
 #include       "server_internal.h"
 #include       <stdlib.h>
 
@@ -47,6 +46,8 @@ kadm5_create_policy(void *server_handle,
 {
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if (mask & KADM5_REF_COUNT)
        return KADM5_BAD_MASK;
     else
@@ -139,10 +140,10 @@ kadm5_create_policy_internal(void *server_handle,
        pent.policy_refcnt = 0;
     else
        pent.policy_refcnt = entry->policy_refcnt;
-    if ((ret = osa_adb_create_policy(handle->policy_db, &pent)) == OSA_ADB_OK)
-       return KADM5_OK;
-    else
+    if ((ret = krb5_db_create_policy(handle->context, &pent)))
        return ret;
+    else
+       return KADM5_OK;
 }
          
 kadm5_ret_t
@@ -151,24 +152,30 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name)
     kadm5_server_handle_t handle = server_handle;
     osa_policy_ent_t           entry;
     int                                ret;
+    int                         cnt=1;
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if(name == (kadm5_policy_t) NULL)
        return EINVAL;
     if(strlen(name) == 0)
        return KADM5_BAD_POLICY;
-    if ((ret = osa_adb_get_policy(handle->policy_db, name, &entry)) != OSA_ADB_OK)
+    if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt)))
        return ret;
+    if( cnt != 1 )
+       return KADM5_UNK_POLICY;
+
     if(entry->policy_refcnt != 0) {
-       osa_free_policy_ent(entry);
+       krb5_db_free_policy(handle->context, entry);
        return KADM5_POLICY_REF;
     }
-    osa_free_policy_ent(entry);
-    if ((ret = osa_adb_destroy_policy(handle->policy_db, name)) == OSA_ADB_OK)
-       return KADM5_OK;
-    else
+    krb5_db_free_policy(handle->context, entry);
+    if ((ret = krb5_db_delete_policy(handle->context, name)))
        return ret;
+    else
+       return KADM5_OK;
 }
 
 kadm5_ret_t
@@ -177,6 +184,8 @@ kadm5_modify_policy(void *server_handle,
 {
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if (mask & KADM5_REF_COUNT)
        return KADM5_BAD_MASK;
     else
@@ -190,6 +199,7 @@ kadm5_modify_policy_internal(void *server_handle,
     kadm5_server_handle_t handle = server_handle;
     osa_policy_ent_t   p;
     int                        ret;
+    int                 cnt=1;
 
     CHECK_HANDLE(server_handle);
 
@@ -200,26 +210,22 @@ kadm5_modify_policy_internal(void *server_handle,
     if((mask & KADM5_POLICY))
        return KADM5_BAD_MASK;
                
-    switch ((ret = osa_adb_get_policy(handle->policy_db, entry->policy, &p))) {
-    case OSA_ADB_OK:
-       break;
-    case OSA_ADB_NOENT:
+    ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
+    if( ret && (cnt==0) )
        return KADM5_UNK_POLICY;
-    default:
-       break;
-    }
+
     if ((mask & KADM5_PW_MAX_LIFE))
        p->pw_max_life = entry->pw_max_life;
     if ((mask & KADM5_PW_MIN_LIFE)) {
        if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0)  {
-            osa_free_policy_ent(p);
+            krb5_db_free_policy(handle->context, p);
             return KADM5_BAD_MIN_PASS_LIFE;
        }
        p->pw_min_life = entry->pw_min_life;
     }
     if ((mask & KADM5_PW_MIN_LENGTH)) {
        if(entry->pw_min_length < MIN_PW_LENGTH) {
-             osa_free_policy_ent(p);
+             krb5_db_free_policy(handle->context, p);
              return KADM5_BAD_LENGTH;
         }
        p->pw_min_length = entry->pw_min_length;
@@ -227,7 +233,7 @@ kadm5_modify_policy_internal(void *server_handle,
     if ((mask & KADM5_PW_MIN_CLASSES)) {
        if(entry->pw_min_classes > MAX_PW_CLASSES ||
           entry->pw_min_classes < MIN_PW_CLASSES) {
-            osa_free_policy_ent(p);
+            krb5_db_free_policy(handle->context, p);
             return KADM5_BAD_CLASS;
        }
        p->pw_min_classes = entry->pw_min_classes;
@@ -235,22 +241,15 @@ kadm5_modify_policy_internal(void *server_handle,
     if ((mask & KADM5_PW_HISTORY_NUM)) {
        if(entry->pw_history_num < MIN_PW_HISTORY ||
           entry->pw_history_num > MAX_PW_HISTORY) {
-            osa_free_policy_ent(p);
+            krb5_db_free_policy(handle->context, p);
             return KADM5_BAD_HISTORY;
        }
        p->pw_history_num = entry->pw_history_num;
     }
     if ((mask & KADM5_REF_COUNT))
        p->policy_refcnt = entry->policy_refcnt;
-    switch ((ret = osa_adb_put_policy(handle->policy_db, p))) {
-    case OSA_ADB_OK:
-       ret = KADM5_OK;
-       break;
-    case OSA_ADB_NOENT:        /* this should not happen here ... */
-       ret = KADM5_UNK_POLICY;
-       break;
-    }
-    osa_free_policy_ent(p);
+    ret = krb5_db_put_policy(handle->context, p);
+    krb5_db_free_policy(handle->context, p);
     return ret;
 }
 
@@ -262,9 +261,12 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
     kadm5_policy_ent_rec       entry_local, **entry_orig, *new;
     int                                ret;
     kadm5_server_handle_t handle = server_handle;
+    int                         cnt=1;
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     /*
      * In version 1, entry is a pointer to a kadm5_policy_ent_t that
      * should be filled with allocated memory.
@@ -279,16 +281,14 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
        return EINVAL;
     if(strlen(name) == 0)
        return KADM5_BAD_POLICY;
-    switch((ret = osa_adb_get_policy(handle->policy_db, name, &t))) {
-    case OSA_ADB_OK:
-       break;
-    case OSA_ADB_NOENT:
-       return KADM5_UNK_POLICY;
-    default:
+    if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt)))
        return ret;
-    }
+
+    if( cnt != 1 )
+       return KADM5_UNK_POLICY;
+
     if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) {
-        osa_free_policy_ent(t);
+        krb5_db_free_policy(handle->context, t);
         return ENOMEM;
     }
     strcpy(entry->policy, t->name);
@@ -298,13 +298,13 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
     entry->pw_min_classes = t->pw_min_classes;
     entry->pw_history_num = t->pw_history_num;
     entry->policy_refcnt = t->policy_refcnt;
-    osa_free_policy_ent(t);
+    krb5_db_free_policy(handle->context, t);
 
     if (handle->api_version == KADM5_API_VERSION_1) {
         new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
         if (new == NULL) {
              free(entry->policy);
-             osa_free_policy_ent(t);
+             krb5_db_free_policy(handle->context, t);
              return ENOMEM;
         }
         *new = *entry;
index 7dc2d8f6bc3d507d62062b0772a2e13240991639..f1a0717e9d5540f7463fa82bafc5734942c7a0b4 100644 (file)
@@ -11,7 +11,6 @@ static char *rcsid = "$Header$";
 #include       <sys/types.h>
 #include       <sys/time.h>
 #include       <kadm5/admin.h>
-#include       "adb.h"
 #include       "k5-int.h"
 #include       <krb5/kdb.h>
 #include       <stdio.h>
@@ -35,6 +34,79 @@ static int decrypt_key_data(krb5_context context,
                            int n_key_data, krb5_key_data *key_data,
                            krb5_keyblock **keyblocks, int *n_keys);
 
+static krb5_error_code 
+kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)
+{
+    register krb5_principal tempprinc;
+    register int i, nelems;
+                                                                                                                            
+    tempprinc = (krb5_principal)krb5_db_alloc(context, NULL, sizeof(krb5_principal_data));
+                                                                                                                            
+    if (tempprinc == 0)
+        return ENOMEM;
+                                                                                                                            
+    memcpy(tempprinc, inprinc, sizeof(krb5_principal_data));
+                                                                                                                            
+    nelems = (int) krb5_princ_size(context, inprinc);
+    tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data));
+                                                                                                                            
+    if (tempprinc->data == 0) {
+       krb5_db_free(context, (char *)tempprinc);
+        return ENOMEM;
+    }
+                                                                                                                            
+    for (i = 0; i < nelems; i++) {
+        unsigned int len = krb5_princ_component(context, inprinc, i)->length;
+        krb5_princ_component(context, tempprinc, i)->length = len;
+        if (((krb5_princ_component(context, tempprinc, i)->data =
+              krb5_db_alloc(context, NULL, len)) == 0) && len) {
+            while (--i >= 0)
+                krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
+            krb5_db_free (context, tempprinc->data);
+            krb5_db_free (context, tempprinc);
+            return ENOMEM;
+        }
+        if (len)
+            memcpy(krb5_princ_component(context, tempprinc, i)->data,
+                   krb5_princ_component(context, inprinc, i)->data, len);
+    }
+                                                                                                                            
+    tempprinc->realm.data =
+       krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length);
+    if (!tempprinc->realm.data && tempprinc->realm.length) {
+            for (i = 0; i < nelems; i++)
+               krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data);
+            krb5_db_free(context, tempprinc->data);
+            krb5_db_free(context, tempprinc);
+            return ENOMEM;
+    }
+    if (tempprinc->realm.length)
+        memcpy(tempprinc->realm.data, inprinc->realm.data,
+               inprinc->realm.length);
+                                                                                                                            
+    *outprinc = tempprinc;
+    return 0;
+}
+                                                                                                                            
+static void
+kadm5_free_principal(krb5_context context, krb5_principal val)
+{
+    register krb5_int32 i;
+                                                                                                                            
+    if (!val)
+        return;
+                                                                                                                            
+    if (val->data) {
+        i = krb5_princ_size(context, val);
+        while(--i >= 0)
+            krb5_db_free(context, krb5_princ_component(context, val, i)->data);
+        krb5_db_free(context, val->data);
+    }
+    if (val->realm.data)
+        krb5_db_free(context, val->realm.data);
+    krb5_db_free(context, val);
+}
+
 /*
  * XXX Functions that ought to be in libkrb5.a, but aren't.
  */
@@ -98,8 +170,8 @@ static void cleanup_key_data(context, count, data)
      for (i = 0; i < count; i++)
          for (j = 0; j < data[i].key_data_ver; j++)
               if (data[i].key_data_length[j])
-                   free(data[i].key_data_contents[j]);
-     free(data);
+                  krb5_db_free(context, data[i].key_data_contents[j]);
+     krb5_db_free(context, data);
 }
 
 kadm5_ret_t
@@ -127,6 +199,8 @@ kadm5_create_principal_3(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     /*
      * Argument sanity checking, and opening up the DB
      */
@@ -231,20 +305,37 @@ kadm5_create_principal_3(void *server_handle,
        to free the entire kdb entry, and that will try to free the
        principal. */
 
-    if ((ret = krb5_copy_principal(handle->context,
-                                  entry->principal, &(kdb.princ)))) {
+    if ((ret = kadm5_copy_principal(handle->context,
+                                   entry->principal, &(kdb.princ)))) {
        if (mask & KADM5_POLICY)
             (void) kadm5_free_policy_ent(handle->lhandle, &polent);
        return(ret);
     }
 
     if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) {
-         krb5_dbe_free_contents(handle->context, &kdb);
+         krb5_db_free_principal(handle->context, &kdb, 1);
         if (mask & KADM5_POLICY)
             (void) kadm5_free_policy_ent(handle->lhandle, &polent);
         return(ret);
     }
 
+    if (mask & KADM5_TL_DATA) {
+       /* splice entry->tl_data onto the front of kdb.tl_data */
+       tl_data_orig = kdb.tl_data;
+       for (tl_data_tail = entry->tl_data; tl_data_tail;
+            tl_data_tail = tl_data_tail->tl_data_next)
+       {
+           ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail);
+           if( ret )
+           {
+               krb5_db_free_principal(handle->context, &kdb, 1);
+               if (mask & KADM5_POLICY)
+                   (void) kadm5_free_policy_ent(handle->lhandle, &polent);
+               return ret;
+           }
+       }
+    }
+
     /* initialize the keys */
 
     if ((ret = krb5_dbe_cpw(handle->context, &master_keyblock,
@@ -253,7 +344,7 @@ kadm5_create_principal_3(void *server_handle,
                            password,
                            (mask & KADM5_KVNO)?entry->kvno:1,
                            FALSE, &kdb))) {
-       krb5_dbe_free_contents(handle->context, &kdb);
+       krb5_db_free_principal(handle->context, &kdb, 1);
        if (mask & KADM5_POLICY)
             (void) kadm5_free_policy_ent(handle->lhandle, &polent);
        return(ret);
@@ -282,33 +373,17 @@ kadm5_create_principal_3(void *server_handle,
        if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent,
                                                    KADM5_REF_COUNT))
            != KADM5_OK) {
-           krb5_dbe_free_contents(handle->context, &kdb);
+           krb5_db_free_principal(handle->context, &kdb, 1);
            if (mask & KADM5_POLICY)
                 (void) kadm5_free_policy_ent(handle->lhandle, &polent);
            return(ret);
        }
     }
 
-    if (mask & KADM5_TL_DATA) {
-        /* splice entry->tl_data onto the front of kdb.tl_data */
-        tl_data_orig = kdb.tl_data;
-        for (tl_data_tail = entry->tl_data; tl_data_tail->tl_data_next;
-             tl_data_tail = tl_data_tail->tl_data_next)
-             ;
-        tl_data_tail->tl_data_next = kdb.tl_data;
-        kdb.tl_data = entry->tl_data;
-    }
-
     /* store the new db entry */
     ret = kdb_put_entry(handle, &kdb, &adb);
 
-    if (mask & KADM5_TL_DATA) {
-        /* remove entry->tl_data from the front of kdb.tl_data */
-        tl_data_tail->tl_data_next = NULL;
-        kdb.tl_data = tl_data_orig;
-    }
-
-    krb5_dbe_free_contents(handle->context, &kdb);
+    krb5_db_free_principal(handle->context, &kdb, 1);
 
     if (ret) {
        if ((mask & KADM5_POLICY)) {
@@ -346,6 +421,8 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal)
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if (principal == NULL)
        return EINVAL;
 
@@ -392,6 +469,8 @@ kadm5_modify_principal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) ||
        (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) ||
        (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) ||
@@ -534,34 +613,18 @@ kadm5_modify_principal(void *server_handle,
     }
 
     if (mask & KADM5_TL_DATA) {
-        krb5_tl_data *tl, *tl2;
-        /*
-         * Replace kdb.tl_data with what was passed in.  The
-         * KRB5_TL_KADM_DATA will be re-added (based on adb) by
-         * kdb_put_entry, below.
-         *
-         * Note that we have to duplicate the passed in tl_data
-         * before adding it to kdb.  The reason is that kdb_put_entry
-         * will add its own tl_data entries that we will need to
-         * free, but we cannot free the caller's tl_data (an
-         * alternative would be to scan the tl_data after put_entry
-         * and only free those entries that were not passed in).
-         */
-        while (kdb.tl_data) {
-             tl = kdb.tl_data->tl_data_next;
-             free(kdb.tl_data->tl_data_contents);
-             free(kdb.tl_data);
-             kdb.tl_data = tl;
-        }
+        krb5_tl_data *tl;
+
+        /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */
 
-        kdb.n_tl_data = entry->n_tl_data;
-        kdb.tl_data = NULL;
-        tl2 = entry->tl_data;
-        while (tl2) {
-             tl = dup_tl_data(tl2);
-             tl->tl_data_next = kdb.tl_data;
-             kdb.tl_data = tl;
-             tl2 = tl2->tl_data_next;
+        for (tl = entry->tl_data; tl;
+             tl = tl->tl_data_next)
+        {
+            ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl);
+            if( ret )
+            {
+                goto done;
+            }
         }
     }
 
@@ -593,6 +656,8 @@ kadm5_rename_principal(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if (source == NULL || target == NULL)
        return EINVAL;
 
@@ -614,8 +679,8 @@ kadm5_rename_principal(void *server_handle,
        }
     }
 
-    krb5_free_principal(handle->context, kdb.princ);
-    ret = krb5_copy_principal(handle->context, target, &kdb.princ);
+    kadm5_free_principal(handle->context, kdb.princ);
+    ret = kadm5_copy_principal(handle->context, target, &kdb.princ);
     if (ret) {
        kdb.princ = NULL; /* so freeing the dbe doesn't lose */
        goto done;
@@ -638,7 +703,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
 {
     krb5_db_entry              kdb;
     osa_princ_ent_rec          adb;
-    osa_adb_ret_t              ret = 0;
+    krb5_error_code            ret = 0;
     long                       mask;
     int i;
     kadm5_server_handle_t handle = server_handle;
@@ -646,6 +711,8 @@ kadm5_get_principal(void *server_handle, krb5_principal principal,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     /*
      * In version 1, all the defined fields are always returned.
      * entry is a pointer to a kadm5_principal_ent_t_v1 that should be
@@ -1222,6 +1289,8 @@ kadm5_chpass_principal_3(void *server_handle,
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     hist_added = 0;
     memset(&hist, 0, sizeof(hist));
 
@@ -1373,7 +1442,7 @@ done:
         free_history_entry(handle->context, &hist);
     kdb_free_entry(handle, &kdb, &adb);
     kdb_free_entry(handle, &kdb_save, NULL);
-    krb5_dbe_free_contents(handle->context, &kdb);
+    krb5_db_free_principal(handle->context, &kdb, 1);
 
     if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol))
        && !ret) 
@@ -1409,6 +1478,8 @@ kadm5_randkey_principal_3(void *server_handle,
     int                                ret, last_pwd, have_pol = 0;
     kadm5_server_handle_t      handle = server_handle;
 
+    krb5_db_clr_error();
+
     if (keyblocks)
         *keyblocks = NULL;
 
@@ -1538,11 +1609,16 @@ kadm5_setv4key_principal(void *server_handle,
     krb5_int32                 now;
     kadm5_policy_ent_rec       pol;
     krb5_keysalt               keysalt;
-    int                                i, kvno, ret, have_pol = 0;
+    int                                i, k, kvno, ret, have_pol = 0;
 #if 0
     int                         last_pwd;
 #endif
     kadm5_server_handle_t      handle = server_handle;
+    krb5_key_data               tmp_key_data;
+
+    krb5_db_clr_error();
+
+    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
 
     CHECK_HANDLE(server_handle);
 
@@ -1566,7 +1642,7 @@ kadm5_setv4key_principal(void *server_handle,
     if (kdb.key_data != NULL)
         cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
     
-    kdb.key_data = (krb5_key_data*)malloc(sizeof(krb5_key_data));
+    kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data));
     if (kdb.key_data == NULL)
         return ENOMEM;
     memset(kdb.key_data, 0, sizeof(krb5_key_data));
@@ -1576,13 +1652,39 @@ kadm5_setv4key_principal(void *server_handle,
     keysalt.data.length = 0;
     keysalt.data.data = NULL;
 
+    /* use tmp_key_data as temporary location and reallocate later */
     ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock,
                                      keyblock, &keysalt, kvno + 1,
-                                     kdb.key_data);
+                                     &tmp_key_data);
     if (ret) {
        goto done;
     }
 
+    for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+    {
+       kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k];
+       kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k];
+       if( tmp_key_data.key_data_contents[k] )
+       {
+           kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+           if( kdb.key_data->key_data_contents[k] == NULL )
+           {
+               cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
+               kdb.key_data = NULL;
+               kdb.n_key_data = 0;
+               ret = ENOMEM;
+               goto done;
+           }
+           memcpy( kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+           memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+           free( tmp_key_data.key_data_contents[k] );
+           tmp_key_data.key_data_contents[k] = NULL;
+       }
+    }
+
+
+
     kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
     ret = krb5_timeofday(handle->context, &now);
@@ -1646,6 +1748,15 @@ kadm5_setv4key_principal(void *server_handle,
 
     ret = KADM5_OK;
 done:
+    for( i = 0; i < tmp_key_data.key_data_ver; i++ )
+    {
+       if( tmp_key_data.key_data_contents[i] )
+       {
+           memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+           free( tmp_key_data.key_data_contents[i] );
+       }
+    }
+
     kdb_free_entry(handle, &kdb, &adb);
     if (have_pol)
         kadm5_free_policy_ent(handle->lhandle, &pol);
@@ -1679,16 +1790,20 @@ kadm5_setkey_principal_3(void *server_handle,
     kadm5_policy_ent_rec       pol;
     krb5_key_data              *old_key_data;
     int                                n_old_keys;
-    int                                i, j, kvno, ret, have_pol = 0;
+    int                                i, j, k, kvno, ret, have_pol = 0;
 #if 0
     int                         last_pwd;
 #endif
     kadm5_server_handle_t      handle = server_handle;
     krb5_boolean               similar;
     krb5_keysalt               keysalt;
+    krb5_key_data         tmp_key_data;
+    krb5_key_data        *tptr;
 
     CHECK_HANDLE(server_handle);
 
+    krb5_db_clr_error();
+
     if (principal == NULL || keyblocks == NULL)
        return EINVAL;
     if (hist_princ && /* this will be NULL when initializing the databse */
@@ -1733,10 +1848,14 @@ kadm5_setkey_principal_3(void *server_handle,
        old_key_data = NULL;
     }
     
-    kdb.key_data = (krb5_key_data*)malloc((n_keys+n_old_keys)
-                                         *sizeof(krb5_key_data));
+    kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys)
+                                                *sizeof(krb5_key_data));
     if (kdb.key_data == NULL)
-        return ENOMEM;
+    {
+       ret= ENOMEM;
+       goto done;
+    }
+
     memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data));
     kdb.n_key_data = 0;
 
@@ -1746,20 +1865,50 @@ kadm5_setkey_principal_3(void *server_handle,
            keysalt.data.length = 0;
            keysalt.data.data = NULL;
            if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) {
-               cleanup_key_data(handle->context, kdb.n_key_data,
-                                kdb.key_data);
-               return KADM5_SETKEY3_ETYPE_MISMATCH;
+               ret= KADM5_SETKEY3_ETYPE_MISMATCH;
+               goto done;
            }
        }
+       memset( &tmp_key_data, 0, sizeof(tmp_key_data));
+
        ret = krb5_dbekd_encrypt_key_data(handle->context,
                                          &master_keyblock,
                                          &keyblocks[i],
                                          n_ks_tuple ? &keysalt : NULL,
                                          kvno + 1,
-                                         &kdb.key_data[i]);
+                                         &tmp_key_data);
        if (ret) {
-           cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data);
-           return ret;
+           goto done;
+       }
+       tptr = &kdb.key_data[i];
+       for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+       {
+           tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+           tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+           if( tmp_key_data.key_data_contents[k] )
+           {
+               tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]);
+               if( tptr->key_data_contents[k] == NULL )
+               {
+                   int i1;
+                   for( i1 = k; i1 < tmp_key_data.key_data_ver; i1++ )
+                   {
+                       if( tmp_key_data.key_data_contents[i1] )
+                       {
+                           memset( tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]);
+                           free( tmp_key_data.key_data_contents[i1] );
+                       }
+                   }
+
+                   ret =  ENOMEM;
+                   goto done;
+               }
+               memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+               memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+               free( tmp_key_data.key_data_contents[k] );
+               tmp_key_data.key_data_contents[k] = NULL;
+           }
        }
        kdb.n_key_data++;
     }
@@ -1770,6 +1919,10 @@ kadm5_setkey_principal_3(void *server_handle,
        memset(&old_key_data[i], 0, sizeof (krb5_key_data));
        kdb.n_key_data++;
     }
+
+    if( old_key_data )
+       krb5_db_free(handle->context, old_key_data);
+
     /* assert(kdb.n_key_data == n_keys + n_old_keys) */
     kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
 
@@ -1862,6 +2015,14 @@ static int decrypt_key_data(krb5_context context,
                                            &key_data[i], 
                                            &keys[i], NULL);
          if (ret) {
+             for(; i >= 0; i-- )
+             {
+                 if( keys[i].contents )
+                 {
+                     memset( keys[i].contents, 0, keys[i].length );
+                     free( keys[i].contents );
+                 }
+             }
 
               memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock));
               free(keys);
@@ -1946,3 +2107,4 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle,
 
     return KADM5_OK;
 }
+
index 4b0777e89dc5767815d56a74405584f55b3f90a6..67c82bcd36fe1e9b1f542f22d39d2382ed68a392 100644 (file)
@@ -1,3 +1,15 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * destroy-test.c:
+       * handle-test.c:
+       * init-test.c:
+       * iter-test.c:
+       * lock-test.c:
+       * randkey-test.c:
+       * setkey-test.c:
+
 2005-02-10  Tom Yu  <tlyu@mit.edu>
 
        * api.2/init-v2.exp: Handle improved error codes from
index 5d4fc1f70f1e010fcdf7c1ca0d9d8b47915b821e..242e9c256ec046a1eac4ceecf063e10259614d73 100644 (file)
@@ -5,6 +5,7 @@ BUILDTOP=$(REL)..$(S)..$(S)..
 DEFINES = -DUSE_KADM5_API_VERSION=1
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
+KDB_DEP_LIB=-ldl -lpthread
 
 all:: init-test destroy-test client-handle-test client-iter-test
 all:: randkey-test server-handle-test lock-test server-iter-test 
@@ -40,26 +41,26 @@ client-setkey-test: setkey-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
 
 randkey-test: randkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o randkey-test randkey-test.o \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+               $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 server-handle-test: handle-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o server-handle-test handle-test.o \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+               $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 lock-test: lock-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o lock-test lock-test.o \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+               $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o server-iter-test iter-test.o \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+               $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
        $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
 
 server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
        $(CC_LINK) -o server-setkey-test setkey-test.o \
-               $(KADMSRV_LIBS) $(KRB5_BASE_LIBS)
+               $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
 
 #
 # The unit-test targets
index 02bfb7ec9a938cfd5305a2f71dc3cc904b75d97b..6d7435c45bdcfe65452c6a78f538a2458f08fcc3 100644 (file)
@@ -22,7 +22,7 @@ int main()
      for(x = 0; x < TEST_NUM; x++) {
        ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
                              OVSEC_KADM_STRUCT_VERSION,
-                             OVSEC_KADM_API_VERSION_1,
+                             OVSEC_KADM_API_VERSION_1, NULL,
                              &server_handle);
        if(ret != OVSEC_KADM_OK) {
            com_err("test", ret, "init");
index aa71df4837c4c5f941e0390d8bd1cea1ecc1d6fc..6743e6e8e1054e3bf203ad5709ed0f6d7f246d0f 100644 (file)
@@ -25,7 +25,7 @@ int main(int argc, char *argv[])
     krb5_init_context(&context);
      
     ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0,
-                         OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1,
+                         OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL,
                          &server_handle);
     if(ret != OVSEC_KADM_OK) {
        com_err("test", ret, "init");
index 86b35668685fd157058dabe8d039a9d032c67739..9677698a7975d2548a3ff9e448163cd5c7c8f6e7 100644 (file)
@@ -14,7 +14,7 @@ int main()
      memset(&params, 0, sizeof(params));
      params.mask |= KADM5_CONFIG_NO_AUTH;
      ret = kadm5_init("admin", "admin", NULL, &params,
-                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
+                     KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                      &server_handle);
      if (ret == KADM5_RPC_ERROR)
          exit(0);
index 4c85fe76313840baac4f4307d002137387400b98..4b85a5490d214d7c6b7160930ee4102084168156 100644 (file)
@@ -16,7 +16,7 @@ int main(int argc, char **argv)
      
      ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0,
                           OVSEC_KADM_STRUCT_VERSION,
-                          OVSEC_KADM_API_VERSION_1,
+                          OVSEC_KADM_API_VERSION_1, NULL,
                           &server_handle);
      if (ret != OVSEC_KADM_OK) {
          com_err("iter-test", ret, "while initializing");
index 256954c857be5aaa0d197b9e8c71a60f4747607b..24ff74a917e7a258f1d44b4b75b78fce1d7b70bb 100644 (file)
@@ -6,7 +6,7 @@
 #include <stdio.h>
 #include <krb5.h>
 #include <kadm5/admin.h>
-#include <kadm5/adb.h>
+#include <krb5/kdb.h>
 
 char *whoami;
 
@@ -20,8 +20,7 @@ static void usage()
 
 int main(int argc, char **argv)
 {
-     osa_adb_ret_t ret;
-     osa_adb_policy_t policy_db;
+     krb5_error_code ret;
      osa_policy_ent_t entry;
      krb5_context context;
      kadm5_config_params params;
@@ -36,7 +35,7 @@ int main(int argc, char **argv)
      }
 
      initialize_ovk_error_table();
-     initialize_adb_error_table();
+/*      initialize_adb_error_table(); */
      initialize_ovku_error_table();
 
      params.mask = 0;
@@ -52,8 +51,8 @@ int main(int argc, char **argv)
          exit(1);
      }
 
-     ret = osa_adb_open_policy(&policy_db, &params);
-     if (ret != OSA_ADB_OK) {
+     ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
+     if (ret) {
          com_err(whoami, ret, "while opening database");
          exit(1);
      }
@@ -61,38 +60,39 @@ int main(int argc, char **argv)
      argc--; argv++;
      while (argc) {
          if (strcmp(*argv, "shared") == 0) {
-              ret = osa_adb_get_lock(policy_db, OSA_ADB_SHARED);
-              if (ret != OSA_ADB_OK)
+              ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
+              if (ret)
                    com_err(whoami, ret, "while getting shared lock");
               else
                    printf("shared\n");
          } else if (strcmp(*argv, "exclusive") == 0) {
-              ret = osa_adb_get_lock(policy_db, OSA_ADB_EXCLUSIVE);
-              if (ret != OSA_ADB_OK)
+              ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+              if (ret)
                    com_err(whoami, ret, "while getting exclusive lock");
               else
                    printf("exclusive\n");
          } else if (strcmp(*argv, "permanent") == 0) {
-              ret = osa_adb_get_lock(policy_db, OSA_ADB_PERMANENT);
-              if (ret != OSA_ADB_OK)
+              ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
+              if (ret)
                    com_err(whoami, ret, "while getting permanent lock");
               else
                    printf("permanent\n");
          } else if (strcmp(*argv, "release") == 0) {
-              ret = osa_adb_release_lock(policy_db);
-              if (ret != OSA_ADB_OK)
+              ret = krb5_db_unlock(context);
+              if (ret)
                    com_err(whoami, ret, "while releasing lock");
               else
                    printf("released\n");
          } else if (strcmp(*argv, "get") == 0) {
+              int cnt = 1;
               argc--; argv++;
               if (!argc) usage();
-              if ((ret = osa_adb_get_policy(policy_db, *argv,
-                                            &entry)) != OSA_ADB_OK) {
+              if ((ret = krb5_db_get_policy(context, *argv,
+                                            &entry, &cnt)) ) {
                    com_err(whoami, ret, "while getting policy");
               } else {
                    printf("retrieved\n");
-                   osa_free_policy_ent(entry);
+                   krb5_db_free_policy(context, entry);
               }
          } else if (strcmp(*argv, "wait") == 0) {
               getchar();
@@ -105,8 +105,8 @@ int main(int argc, char **argv)
          argc--; argv++;
      }
 
-     ret = osa_adb_close_policy(policy_db);
-     if (ret != OSA_ADB_OK) {
+     ret = krb5_db_fini(context);
+     if (ret) {
          com_err(whoami, ret, "while closing database");
          exit(1);
      }
index cddc165df30cd588a1d7352a594eec7fbc5e3624..5722302de2b6fc05c71dfa6a974fdf165fa01e69 100644 (file)
@@ -23,7 +23,7 @@ int main()
      krb5_parse_name(context, "testuser", &tprinc);
      ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
                           OVSEC_KADM_STRUCT_VERSION,
-                          OVSEC_KADM_API_VERSION_1,
+                          OVSEC_KADM_API_VERSION_1, NULL,
                           &server_handle);
      if(ret != OVSEC_KADM_OK) {
        com_err("test", ret, "init");
index 5b791d8f3fc8c36aaad48c51f35902a8b6f67c51..af78114de5e82b7ff37d1eef03ccf5b9e8297f62 100644 (file)
@@ -119,7 +119,7 @@ main(int argc, char **argv)
   }
 
   ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
-                  KADM5_STRUCT_VERSION, KADM5_API_VERSION_2,
+                  KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
                   &handle);
   if (ret) {
     com_err(whoami, ret, "while initializing connection");
index 99e6b58ca74579302a2ababb01a8477961ca826e..740cef0264c224d4f84df2628746084a4ad13c53 100644 (file)
@@ -1,3 +1,30 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * adb_err.et:
+       * configure.in:
+       * decrypt_key.c:
+       * encrypt_key.c:
+       * err_handle.c:
+       * err_handle.h:
+       * fetch_mkey.c:
+       * kdb5.c:
+       * kdb5.h:
+       * kdb_compat.h:
+       * kdb_cpw.c:
+       * kdb_db2.c:
+       * kdb_db2.h:
+       * kdb_default.c:
+       * kdb_xdr.c:
+       * keytab.c:
+       * libkrb5.exports:
+       * setup_mkey.c:
+       * store_mkey.c:
+       * t_kdb.c:
+       * t_krb5.conf:
+       * verify_mky.c:
+
 2005-06-09  Ken Raeburn  <raeburn@mit.edu>
 
        * kdb_dbm.c: Unused file deleted.
index 396ce1ef45706ad00abd272f5c34d05820f1bbd7..84c94c2f5a30ef01a057eae52570d1b030aaefb3 100644 (file)
@@ -6,6 +6,8 @@ KRB5_RUN_ENV = @KRB5_RUN_ENV@
 KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
+CFLAGS=@CFLAGS@ -DKDB5_USE_LIB_KDB_DB2
+LOCALINCLUDES= -I.
 
 LIBBASE=kdb5
 LIBMAJOR=4
@@ -29,30 +31,29 @@ DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \
 
 all:: 
 
+adb_err.$(OBJEXT): adb_err.c
+adb_err.c adb_err.h: $(srcdir)/adb_err.et
+
 SRCS= \
-       $(srcdir)/keytab.c \
+       $(srcdir)/kdb5.c \
        $(srcdir)/encrypt_key.c \
        $(srcdir)/decrypt_key.c \
+       $(srcdir)/kdb_default.c \
        $(srcdir)/kdb_cpw.c \
-       $(srcdir)/kdb_db2.c \
-       $(srcdir)/kdb_xdr.c \
-       $(srcdir)/verify_mky.c \
-       $(srcdir)/fetch_mkey.c \
-       $(srcdir)/setup_mkey.c \
-       $(srcdir)/store_mkey.c
+       adb_err.c \
+       $(srcdir)/err_handle.c \
+       $(srcdir)/keytab.c
 
 STOBJLISTS=OBJS.ST $(DBOBJLISTS)
 STLIBOBJS= \
-       keytab.o \
+       kdb5.o \
        encrypt_key.o \
        decrypt_key.o \
+       kdb_default.o \
        kdb_cpw.o \
-       kdb_db2.o \
-       kdb_xdr.o \
-       verify_mky.o \
-       fetch_mkey.o \
-       setup_mkey.o \
-       store_mkey.o
+       adb_err.o \
+       err_handle.o \
+       keytab.o
 
 all-unix:: all-liblinks
 install-unix:: install-libs
@@ -78,14 +79,14 @@ clean::
 # Makefile dependencies follow.  This must be the last section in
 # the Makefile.in file
 #
-keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): keytab.c \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(SRCTOP)/include/krb5/kdb_kt.h $(SRCTOP)/include/krb5/kdb.h
+kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): kdb5.c $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/krb5/osconf.h \
+  kdb5.h err_handle.h ./adb_err.h
 encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \
   encrypt_key.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
@@ -100,54 +101,35 @@ decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
-kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): kdb_cpw.c \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(SRCTOP)/include/krb5/adm.h
-kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): kdb_db2.c \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
-  $(DB_DEPS) kdb_compat.h kdb_db2.h
-kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): kdb_xdr.c \
-  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
-verify_mky.so verify_mky.po $(OUTPRE)verify_mky.$(OBJEXT): \
-  verify_mky.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
-  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
-  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
-fetch_mkey.so fetch_mkey.po $(OUTPRE)fetch_mkey.$(OBJEXT): \
-  fetch_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \
+  kdb_default.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
-setup_mkey.so setup_mkey.po $(OUTPRE)setup_mkey.$(OBJEXT): \
-  setup_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): kdb_cpw.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
   $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
-store_mkey.so store_mkey.po $(OUTPRE)store_mkey.$(OBJEXT): \
-  store_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): adb_err.c \
+  $(COM_ERR_DEPS)
+err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \
+  err_handle.c err_handle.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h
+keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): keytab.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
   $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
   $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
   $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(SRCTOP)/include/krb5/kdb_kt.h $(SRCTOP)/include/krb5/kdb.h
index dc002d878a123210e753829f12ffb8c4d5110d69..4f06b3204f02be1761126431a11108e0593fd894 100644 (file)
@@ -4,6 +4,7 @@ AC_CHECK_HEADERS(unistd.h)
 AC_TYPE_MODE_T
 AC_TYPE_OFF_T
 
+AC_CHECK_HEADERS(pthread.h)
 AC_CHECK_FUNCS(srand48 srand srandom umask)
 
 dnl AIX is unusual in that it wants all symbols resolved at link time
@@ -19,4 +20,5 @@ dnl The following is for check...
 KRB5_BUILD_PROGRAM
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY_WITH_DEPS
-V5_AC_OUTPUT_MAKEFILE
+AC_CONFIG_SUBDIRS(kdb_db2)
+V5_AC_OUTPUT_MAKEFILE(. kdb_db2)
index 765e6f377ef8178785681daeff3e9b7c8f2a3011..53d02ffb7b46f663cc5861304a341614168045c5 100644 (file)
  */
 
 krb5_error_code
-krb5_dbekd_decrypt_key_data(context, mkey, key_data, dbkey, keysalt)
-    krb5_context         context;
-    const krb5_keyblock        * mkey;
-    const krb5_key_data        * key_data;
-    krb5_keyblock      * dbkey;
-    krb5_keysalt       * keysalt;
+krb5_dbekd_decrypt_key_data( krb5_context        context,
+                            const krb5_keyblock        * mkey,
+                            const krb5_key_data        * key_data,
+                            krb5_keyblock      * dbkey,
+                            krb5_keysalt       * keysalt)
 {
     krb5_error_code      retval = 0;
     krb5_int16           tmplen;
index aa259f9002b68eb95fadcd3c2042129e7475f766..13686a4ed24e924032b9d4177ec1263b29706967 100644 (file)
  */
 
 krb5_error_code
-krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data)
-    krb5_context                 context;
-    const krb5_keyblock                * mkey;
-    const krb5_keyblock        * dbkey;
-    const krb5_keysalt         * keysalt;
-    int                                  keyver;
-    krb5_key_data              * key_data;
+krb5_dbekd_encrypt_key_data( krb5_context                context,
+                            const krb5_keyblock        * mkey,
+                            const krb5_keyblock        * dbkey,
+                            const krb5_keysalt         * keysalt,
+                            int                          keyver,
+                            krb5_key_data              * key_data)
 {
     krb5_error_code              retval;
     krb5_octet                 * ptr;
diff --git a/src/lib/kdb/err_handle.c b/src/lib/kdb/err_handle.c
new file mode 100644 (file)
index 0000000..7d54441
--- /dev/null
@@ -0,0 +1,193 @@
+/**********************************************************************
+*
+*      C %name:                err_handle.c %
+*      Instance:               idc_sec_1
+*      Description:    
+*      %created_by:    spradeep %
+*      %date_created:  Thu Apr  7 14:05:00 2005 %
+*
+**********************************************************************/
+#ifndef lint
+static char *_csrc = "@(#) %filespec: err_handle.c~1 %  (%full_filespec: err_handle.c~1:csrc:idc_sec#1 %)";
+#endif
+
+/* This file should be ideally be in util/et.  But, for now thread
+   safety requirement stops me from putting there.  if I do, then all
+   the applications have to link to pthread.  */
+
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+#include "err_handle.h"
+#include <assert.h>
+
+#ifdef NOVELL
+krb5_errcode_2_string_func old_error_2_string = NULL;
+#endif
+
+typedef struct {
+    char krb5_err_str[KRB5_MAX_ERR_STR + 1];
+    long err_code;
+    krb5_err_subsystem subsystem;
+    krb5_context kcontext;
+} krb5_err_struct_t;
+
+#ifdef HAVE_PTHREAD_H
+static void tsd_key_destructor(void *data)
+{
+    free(data);
+}
+
+static pthread_key_t krb5_err_key;
+
+static void init_err_handling( void )
+{
+    assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor));
+#ifdef NOVELL
+    old_error_2_string = error_message;
+    error_message = krb5_get_err_string;
+#endif
+}
+
+static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT;
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str )
+{
+    int ret;
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct == NULL )
+    {
+       err_struct = calloc(sizeof(krb5_err_struct_t), 1);
+       if( err_struct == NULL )
+           return ENOMEM;
+
+       if((ret = pthread_setspecific(krb5_err_key, err_struct)))
+       {
+           free( err_struct );
+           return ret;
+       }
+    }
+
+    err_struct->subsystem = subsystem;
+    err_struct->err_code  = err_code;
+    err_struct->kcontext  = kcontext;
+    if( err_struct->subsystem == krb5_err_have_str )
+    {
+       strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) );
+       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
+    }
+
+    return 0;
+}
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code)
+{
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct && (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) )
+    {
+       /* checking error code is for safety. 
+          In case, the caller ignores a database error and calls other calls before doing com_err. 
+          Though not perfect, caller should call krb5_clr_error before this*/
+       err_struct->subsystem = krb5_err_unknown;
+       return err_struct->krb5_err_str;
+    }
+
+    if( err_struct && (err_struct->subsystem == krb5_err_db) && (err_code == err_struct->err_code) )
+    {
+       err_struct->subsystem = krb5_err_unknown;
+       return krb5_db_errcode2string(err_struct->kcontext, err_code);
+    }
+
+    /* Error strings are not generated here. the remaining two cases are handled by the default error string convertor */
+#ifdef NOVELL
+    return old_error_2_string(err_code);
+#else
+    return error_message (err_code);
+#endif
+}
+
+void krb5_clr_error()
+{
+    krb5_err_struct_t *err_struct;
+    pthread_once(&krb5_key_create, init_err_handling);
+    
+    err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key);
+    if( err_struct )
+       err_struct->subsystem = krb5_err_unknown;
+}
+
+#else
+krb5_err_struct_t krb5_err = {{0}, 0, 0, 0};
+krb5_boolean krb5_init_once = TRUE;
+
+static void init_err_handling( void )
+{
+    if( krb5_init_once )
+    {
+       old_error_2_string = error_message;
+       error_message = krb5_get_err_string;
+       krb5_init_once = FALSE;
+    }
+}
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str )
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    err_struct->subsystem = subsystem;
+    err_struct->err_code  = err_code;
+    err_struct->kcontext  = kcontext;
+    if( err_struct->subsystem == krb5_err_have_str )
+    {
+       strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) );
+       err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0';
+    }
+
+    return 0;
+}
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code)
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    if( (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) )
+    {
+       /* checking error code is for safety. 
+          In case, the caller ignores a database error and calls other calls before doing com_err. 
+          Though not perfect, caller should call krb5_clr_error before this*/
+       err_struct->subsystem = krb5_err_unknown;
+       return err_struct->krb5_err_str;
+    }
+
+    if( (err_struct->subsystem == krb5_err_db) && (err_code == err_struct->err_code) )
+    {
+       err_struct->subsystem = krb5_err_unknown;
+       return krb5_db_errcode2string(err_struct->kcontext, err_code);
+    }
+
+    /* it is not generated here. the remaining two cases are handled by the default error string convertor */
+    return old_error_2_string(err_code);
+    
+}
+
+void krb5_clr_error()
+{
+    krb5_err_struct_t *err_struct = &krb5_err;
+
+    init_err_handling(); /* takes care for multiple inits */
+
+    err_struct->subsystem = krb5_err_unknown;
+}
+
+
+#endif
diff --git a/src/lib/kdb/err_handle.h b/src/lib/kdb/err_handle.h
new file mode 100644 (file)
index 0000000..e123afc
--- /dev/null
@@ -0,0 +1,32 @@
+/**********************************************************************
+*
+*      C Header:               err_handle.h
+*      Instance:               idc_sec_1
+*      Description:    
+*      %created_by:    spradeep %
+*      %date_created:  Thu Apr  7 14:05:33 2005 %
+*
+**********************************************************************/
+#ifndef _idc_sec_1_err_handle_h_H
+#define _idc_sec_1_err_handle_h_H
+#include <k5-int.h>
+
+/* Everything else goes here */
+
+#define KRB5_MAX_ERR_STR 1024
+typedef enum krb5_err_subsystem { krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */
+                                 krb5_err_system,    /* error in system call */
+                                 krb5_err_krblib,    /* error in kerberos library call, should lookup in the error table */
+                                 krb5_err_have_str,  /* error message is available in the string */
+                                 krb5_err_db         /* error is a database error, should be handled by calling DB */
+} krb5_err_subsystem;
+
+typedef krb5_error_code (*krb5_set_err_func_t)( krb5_context, krb5_err_subsystem, long, char*);
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str );
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code);
+
+void krb5_clr_error(void);
+
+#endif
diff --git a/src/lib/kdb/fetch_mkey.c b/src/lib/kdb/fetch_mkey.c
deleted file mode 100644 (file)
index 5d63b8c..0000000
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * lib/kdb/fetch_mkey.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_db_fetch_mkey():
- * Fetch a database master key from somewhere.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- * 
- * All rights reserved.
- * 
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-
-/* these are available to other funcs, and the pointers may be reassigned */
-
-char *krb5_mkey_pwd_prompt1 = KRB5_KDC_MKEY_1;
-char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2;
-
-/*
- * Get the KDC database master key from somewhere, filling it into *key.
- *
- * key->enctype should be set to the desired key type.
- *
- * if fromkeyboard is TRUE, then the master key is read as a password
- * from the user's terminal.  In this case,
- * eblock should point to a block with an appropriate string_to_key function.
- * if twice is TRUE, the password is read twice for verification.
- *
- * mname is the name of the key sought; this can be used by the string_to_key
- * function or by some other method to isolate the desired key.
- *
- */
-
-#ifndef min
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#endif
-
-krb5_error_code
-krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile,
-                  salt, key)
-    krb5_context context;
-    krb5_principal mname;
-    krb5_enctype etype;
-    krb5_boolean fromkeyboard;
-    krb5_boolean twice;
-    char *keyfile;
-    krb5_data * salt;
-    krb5_keyblock * key;
-{
-    krb5_error_code retval;
-    char password[BUFSIZ];
-    krb5_data pwd;
-    unsigned int size = sizeof(password);
-
-    if (fromkeyboard) {
-       krb5_data scratch;
-
-       if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
-                                        twice ? krb5_mkey_pwd_prompt2 : 0,
-                                        password, &size)))
-           return(retval);
-
-       pwd.data = password;
-       pwd.length = size;
-       if (!salt) {
-               retval = krb5_principal2salt(context, mname, &scratch);
-               if (retval)
-                       return retval;
-       }
-       retval = krb5_c_string_to_key(context, etype, &pwd, salt?salt:&scratch,
-                                     key);
-
-       if (!salt)
-               krb5_xfree(scratch.data);
-       memset(password, 0, sizeof(password)); /* erase it */
-       return retval;
-
-    } else {
-       /* from somewhere else */
-        krb5_ui_2 enctype;
-       char defkeyfile[MAXPATHLEN+1];
-       krb5_data *realm = krb5_princ_realm(context, mname);
-       FILE *kf;
-
-       retval = 0;
-       key->magic = KV5M_KEYBLOCK;
-       (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
-       (void) strncat(defkeyfile, realm->data,
-                      min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
-                          realm->length));
-       defkeyfile[sizeof(defkeyfile) - 1] = '\0';
-       
-#ifdef ANSI_STDIO
-       if (!(kf = fopen((keyfile) ? keyfile : defkeyfile, "rb")))
-#else
-       if (!(kf = fopen((keyfile) ? keyfile : defkeyfile, "r")))
-#endif
-           return KRB5_KDB_CANTREAD_STORED;
-       if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
-           retval = KRB5_KDB_CANTREAD_STORED;
-           goto errout;
-       }
-       if (key->enctype == ENCTYPE_UNKNOWN)
-           key->enctype = enctype;
-       else if (enctype != key->enctype) {
-           retval = KRB5_KDB_BADSTORED_MKEY;
-           goto errout;
-       }
-       if (fread((krb5_pointer) &key->length,
-                 sizeof(key->length), 1, kf) != 1) {
-           retval = KRB5_KDB_CANTREAD_STORED;
-           goto errout;
-       }
-       if (!key->length || ((int) key->length) < 0) {
-           retval = KRB5_KDB_BADSTORED_MKEY;
-           goto errout;
-       }
-       
-       if (!(key->contents = (krb5_octet *)malloc(key->length))) {
-           retval = ENOMEM;
-           goto errout;
-       }
-       if (fread((krb5_pointer) key->contents,
-                 sizeof(key->contents[0]), key->length, kf) 
-           != key->length) {
-           retval = KRB5_KDB_CANTREAD_STORED;
-           memset(key->contents, 0,  key->length);
-           free(key->contents);
-           key->contents = 0;
-       } else
-           retval = 0;
-
-    errout:
-       (void) fclose(kf);
-       return retval;
-    }
-}
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
new file mode 100644 (file)
index 0000000..c4afa1b
--- /dev/null
@@ -0,0 +1,2051 @@
+/* 
+ * Include files
+ */
+
+#ifdef HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <dlfcn.h>
+#include <k5-int.h>
+#include <osconf.h>
+#include "kdb5.h"
+#include <assert.h>
+
+/* currently DB2 policy related errors are exported from DAL. But other databases should set_err function to return string */
+#include "adb_err.h"
+
+
+/*
+ * Type definitions
+ */
+#define KRB5_TL_DB_ARGS                 0x7fff
+
+/*
+ * internal static variable
+ */
+
+#ifdef HAVE_PTHREAD_H
+/* static pthread_once_t db_inited = PTHREAD_ONCE_INIT; */
+static pthread_mutex_t db_lock  = PTHREAD_MUTEX_INITIALIZER;
+#else
+/* static int db_inited = 0; */
+#endif
+
+
+#ifdef _KDB5_STATIC_LINK
+#undef _KDB5_DYNAMIC_LINK
+#else
+#undef _KDB5_DYNAMIC_LINK 
+/* to avoid redefinition problem */
+#define _KDB5_DYNAMIC_LINK
+#endif
+
+
+static db_library lib_list;
+
+/*
+ * Helper Functions
+ */
+#ifdef HAVE_PTHREAD_H
+
+/* 
+ * KNOWN ISSUES with locking: This code does not handle a scenario where a library is thread-safe for different DB contexts,
+ * but not with the same context. It locks the complete DB library. If this is not the scenario, then lock has to be moved from
+ * db_library to kdb5_dal_handle. For now doing a pessimistic locking. 
+ *
+ * If any thread does a DB lock, all the other threads are barred from accessing DB using this context (infact library 
+ * because of the previous defect). 
+ * This is with the assumption that, DB's lock code will take care of excluding other processes/machines from 
+ * using the DB. But there could be a scenario where access by some other thread using the same context might corrupt the database. 
+ */
+
+static int kdb_lock_list()
+{
+    return pthread_mutex_lock( &db_lock );
+}
+
+static int kdb_unlock_list()
+{
+    return pthread_mutex_unlock( &db_lock );
+}
+
+static int kdb_init_lib_lock( db_library lib )
+{
+    krb5_error_code retval;
+    if( (retval= pthread_mutex_init( &lib->lib_lock, NULL )))
+    {
+       return retval;
+    }
+
+    lib->lock_holder = pthread_self();
+    lib->excl  = 0;
+    lib->recursive_cnt   = 0;
+
+    return pthread_cond_init( &lib->unlocked, NULL );
+}
+
+static int kdb_destroy_lib_lock ( db_library lib )
+{
+    krb5_error_code retval;
+    if( (retval = pthread_mutex_destroy( &lib->lib_lock )) )
+    {
+       return retval;
+    }
+
+    return pthread_cond_destroy( &lib->unlocked );
+}
+
+static int kdb_lock_lib_lock( db_library lib, krb5_boolean exclusive )
+{
+    /* since, handle locked by one thread should not allow another thread to continue */
+    krb5_error_code retval = 0;
+    pthread_t myid = pthread_self();
+
+    if( (retval = pthread_mutex_lock( &lib->lib_lock )) )
+       return retval;
+
+    while( (exclusive && (lib->excl || lib->recursive_cnt)) || 
+          (!pthread_equal(lib->lock_holder, myid) && !lib->vftabl.is_thread_safe && lib->recursive_cnt) )
+    {
+           /* exclusive lock held or some one using lock when exclusive is requested or library not-re-entrent */
+           if( (retval = pthread_cond_wait(&lib->unlocked, &lib->lib_lock)) )
+               return retval;
+    }
+
+    /* exclusive lock and recursive_cnt allow a thread to lock even it already holds a lock */
+    if( exclusive )
+       lib->excl++;
+
+    lib->recursive_cnt++;
+
+    lib->lock_holder = myid;
+
+    return pthread_mutex_unlock( &lib->lib_lock );
+}
+
+static int kdb_unlock_lib_lock( db_library lib, krb5_boolean exclusive )
+{
+    krb5_error_code retval = 0;
+
+    if( (retval = pthread_mutex_lock( &lib->lib_lock )) )
+       return retval;
+
+    lib->recursive_cnt--;
+    if( exclusive )
+       lib->excl--;
+
+    if( (retval = pthread_cond_broadcast( &lib->unlocked )) )
+       return retval;
+
+    return pthread_mutex_unlock( &lib->lib_lock );
+}
+
+#else  /* no PTHREAD */
+
+/* program is not using pthread. So, threads wont be there. No need to lock */
+#define kdb_lock_list() 0
+#define kdb_unlock_list() 0
+#define kdb_init_lib_lock(a) 0
+#define kdb_destroy_lib_lock(a) 0
+#define kdb_lock_lib_lock(a, b) 0
+#define kdb_unlock_lib_lock(a, b) 0
+
+#endif  /* end of HAVE_PTHREAD_H */
+
+
+static char * kdb_get_conf_section( krb5_context kcontext )
+{
+    krb5_error_code status = 0;
+    char *result = NULL;
+    char *value = NULL;
+
+    /* profile has to be initialized. If profile is not initialized, expect nothing less than a crash */
+    status = profile_get_string( kcontext->profile, KDB_REALM_SECTION,        /* realms */
+                                kcontext->default_realm, KDB_MODULE_POINTER, /* under the realm name, database_module */
+                                kcontext->default_realm,                     /* default value is the realm name itself */
+                                &value );
+
+    if( status )
+    {
+       /* some problem */
+       result = strdup( kcontext->default_realm );
+       /* let NULL be handled by the caller */
+    }
+    else
+    {
+       result = strdup( value );
+       /* free profile string */
+       profile_release_string( value );
+    }
+                                
+    return result; 
+}
+
+static char * kdb_get_library_name( krb5_context kcontext )
+{
+    krb5_error_code status = 0;
+    char *result = NULL;
+    char *value = NULL;
+    char *lib   = NULL;
+
+    status = profile_get_string( kcontext->profile, KDB_REALM_SECTION,        /* realms */
+                                kcontext->default_realm, KDB_MODULE_POINTER, /* under the realm name, database_module */
+                                kcontext->default_realm,                     /* default value is the realm name itself */
+                                &value );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    /* we got the module section. Get the library name from the module */
+    status = profile_get_string( kcontext->profile, KDB_MODULE_SECTION,
+                                value, KDB_LIB_POINTER,
+                                "kdb_db2",                                  /* default to db2 */
+                                &lib );
+
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    result = strdup( lib );
+ clean_n_exit:
+    if( value )
+    {
+       /* free profile string */
+       profile_release_string( value );
+    }
+
+    if( lib )
+    {
+       /* free profile string */
+       profile_release_string( lib );
+    }
+
+    if( status )
+    {
+       /* any error default to db2 */
+       result = strdup( "kdb_db2" );
+    }
+    return result; 
+}
+
+static void kdb_setup_opt_functions ( db_library lib )
+{
+    if ( lib->vftabl.set_master_key == NULL )
+    {
+       lib->vftabl.set_master_key = kdb_def_set_mkey;
+    }
+
+    if ( lib->vftabl.get_master_key == NULL )
+    {
+       lib->vftabl.get_master_key = kdb_def_get_mkey;
+    }
+
+    if( lib->vftabl.fetch_master_key == NULL )
+    {
+       lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
+    }
+
+    if( lib->vftabl.verify_master_key == NULL )
+    {
+       lib->vftabl.verify_master_key = krb5_def_verify_master_key;
+    }
+
+    if( lib->vftabl.dbe_search_enctype == NULL )
+    {
+       lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
+    }
+
+    if( lib->vftabl.db_change_pwd == NULL )
+    {
+       lib->vftabl.db_change_pwd = krb5_dbe_def_cpw;
+    }
+
+    if( lib->vftabl.store_master_key == NULL )
+    {
+       lib->vftabl.store_master_key = krb5_def_store_mkey;
+    }
+}
+
+static int kdb_db2_pol_err_loaded = 0;
+#ifdef _KDB5_STATIC_LINK
+#define DEF_SYMBOL(a) extern kdb_vftabl krb5_db_vftabl_ ## a
+#define GET_SYMBOL(a) (krb5_db_vftabl_ ## a)
+static krb5_error_code kdb_load_library( krb5_context kcontext, char *lib_name, db_library *lib )
+{
+    krb5_error_code status;
+    void *vftabl_addr = NULL;
+    char buf[KRB5_MAX_ERR_STR];
+
+    if( !strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0) )
+    {
+       initialize_adb_error_table();
+       kdb_db2_pol_err_loaded = 1;
+    }
+
+    *lib = calloc( (size_t)1, sizeof(**lib));
+    if( *lib == NULL )
+    {
+       status = ENOMEM;
+       goto clean_n_exit;
+    }
+
+    status = kdb_init_lib_lock( *lib );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    strcpy( (*lib)->name, lib_name );
+
+#if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST)
+#error No database module defined
+#endif
+
+#ifdef KDB5_USE_LIB_KDB_DB2
+    if( strcmp( lib_name, "kdb_db2" ) == 0 )
+    {
+       DEF_SYMBOL(kdb_db2);
+       vftabl_addr = (void*)& GET_SYMBOL(kdb_db2);
+    } 
+    else
+#endif
+#ifdef KDB5_USE_LIB_TEST
+    if( strcmp( lib_name, "test" ) == 0 )
+    {
+       DEF_SYMBOL(test);
+       vftabl_addr = (void*) &GET_SYMBOL(test);
+    } else
+#endif
+    {
+       sprintf( buf, "Program not built to support %s database type\n", lib_name );
+       status = -1;
+       krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
+       goto clean_n_exit;
+    }
+
+    memcpy( &(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl));
+
+    kdb_setup_opt_functions( *lib );
+
+    if( (status=(*lib)->vftabl.init_library(krb5_set_err)) )
+    {
+       /* ERROR. library not initialized cleanly */
+       sprintf( buf, "%s library initialization failed, error code %ld\n", lib_name, status  );
+       status = -1;
+       krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
+       goto clean_n_exit;
+    }
+
+
+ clean_n_exit:
+    if( status )
+    {
+       free(*lib), *lib = NULL;
+    }
+    return status;
+}
+
+#else
+
+static char *db_dl_location[] = DEFAULT_KDB_LIB_PATH;
+
+static krb5_error_code kdb_load_library( krb5_context kcontext, char *lib_name, db_library *lib )
+{
+    krb5_error_code status = 0;
+    char dl_name[1024];
+    int ndx;
+    void *vftabl_addr;
+    char *err_str = NULL;
+
+    if( !strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0) )
+    {
+       initialize_adb_error_table();
+       kdb_db2_pol_err_loaded = 1;
+    }
+
+    *lib  = calloc( (size_t)1, sizeof(**lib));
+    if( *lib == NULL )
+    {
+       status = ENOMEM;
+       goto clean_n_exit;
+    }
+
+    status = kdb_init_lib_lock( *lib );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    strcpy( (*lib)->name, lib_name );
+
+    for( ndx = 0; db_dl_location[ndx]; ndx++ )
+    {
+       sprintf(dl_name, "%s/lib%s.so", db_dl_location[ndx], lib_name);
+       (*lib)->dl_handle = dlopen( dl_name, RTLD_NOW );
+       if( (*lib)->dl_handle )
+       {
+           /* found the module */
+           sprintf( dl_name, "krb5_db_vftabl_%s", lib_name );
+
+           dlerror();
+           vftabl_addr = dlsym( (*lib)->dl_handle, dl_name );
+           if( vftabl_addr )
+           {
+               memcpy( &(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl));
+
+               kdb_setup_opt_functions( *lib );
+
+               if( (status = (*lib)->vftabl.init_library(krb5_set_err)) )
+               {
+                   /* ERROR. library not initialized cleanly */
+                   goto clean_n_exit;
+                   
+               }
+           }
+           else
+           {
+               status = -1;
+               krb5_set_err(kcontext, krb5_err_have_str, status, dlerror());
+               goto clean_n_exit;
+           }
+           break;
+       }
+       else
+       {
+           /* set the error. Later if we find everything fine.. we will reset this */
+           err_str = dlerror();
+/*         fprintf(stderr, "Error loading library %s\n", t); */
+       }
+    }
+
+    if( ! (*lib)->dl_handle )
+    {
+       /* library not found in the given list. Error str is already set */
+       status = -1;
+       krb5_set_err(kcontext, krb5_err_have_str, status, err_str);
+       goto clean_n_exit;
+    }
+
+ clean_n_exit:
+    if( status )
+    {
+       if( *lib )
+       {
+           kdb_destroy_lib_lock( *lib );
+           if( (*lib)->dl_handle )
+           {
+               dlclose( (*lib)->dl_handle );
+           }
+           free(*lib);
+           *lib = NULL;
+       }
+    }
+    return status;
+}
+
+#endif /* end of _KDB5_STATIC_LINK */
+
+static krb5_error_code kdb_find_library( krb5_context kcontext, char *lib_name, db_library *lib)
+{
+    /* lock here so that no two threads try to do the same at the same time */
+    krb5_error_code status = 0;
+    int locked = 0;
+    db_library curr_elt, prev_elt = NULL;
+
+    if( (status = kdb_lock_list()) != 0 )
+    {
+       goto clean_n_exit;
+    }
+    locked = 1;
+
+    curr_elt = lib_list;
+    while ( curr_elt != NULL )
+    {
+       if( strcmp( lib_name, curr_elt->name ) == 0 )
+       {
+           *lib = curr_elt;
+           goto clean_n_exit;
+       }
+       prev_elt = curr_elt;
+       curr_elt = curr_elt->next;
+    }
+
+    /* module not found. create and add to list */
+    status = kdb_load_library( kcontext, lib_name, lib);
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    if( prev_elt )
+    {
+       /* prev_elt points to the last element in the list */
+       prev_elt->next = *lib;
+       (*lib)->prev   = prev_elt;
+    }
+    else
+    {
+       lib_list = *lib;
+    }
+
+ clean_n_exit:
+    if( *lib )
+    {
+       (*lib)->reference_cnt++;
+    }
+
+    if( locked )
+    {
+       kdb_unlock_list();
+    }
+
+    return status;
+}
+
+
+static krb5_error_code kdb_free_library( db_library lib)
+{
+    krb5_error_code status = 0;
+    int locked = 0;
+
+    if( (status = kdb_lock_list()) != 0 )
+    {
+       goto clean_n_exit;
+    }
+    locked = 1;
+
+    lib->reference_cnt--;
+
+    if( lib->reference_cnt == 0 )
+    {
+       status = lib->vftabl.fini_library();
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+
+       /* close the library */
+       if( lib->dl_handle )
+       {
+           dlclose( lib->dl_handle );
+       }
+
+       kdb_destroy_lib_lock( lib );
+
+       if( lib->prev == NULL )
+       {
+           /* first element in the list */
+           lib_list = lib->next;
+       }
+       else
+       {
+           lib->prev->next = lib->next;
+       }
+
+       if( lib->next )
+       {
+           lib->next->prev = lib->prev;
+       }
+       free(lib);
+    }
+
+ clean_n_exit:
+    if( locked )
+    {
+       kdb_unlock_list();
+    }
+
+    return status;
+}
+
+static krb5_error_code kdb_setup_lib_handle( krb5_context kcontext )
+{
+    char *library = NULL;
+    krb5_error_code status = 0;
+    db_library lib = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+
+    dal_handle = calloc( (size_t)1, sizeof(kdb5_dal_handle) );
+    if( dal_handle == NULL )
+    {
+       status = ENOMEM;
+       goto clean_n_exit;
+    }
+
+    library = kdb_get_library_name( kcontext );
+    if( library == NULL )
+    {
+       status = -1; 
+       goto clean_n_exit;
+    }
+
+    status = kdb_find_library( kcontext, library, &lib );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    dal_handle->lib_handle = lib;
+    kcontext->db_context = (void *) dal_handle;
+
+ clean_n_exit:
+    free(library);
+
+    if( status )
+    {
+       free( dal_handle );
+       if( lib )
+       {
+           kdb_free_library( lib );
+       }
+    }
+
+    return status;
+}
+
+
+static krb5_error_code kdb_free_lib_handle( krb5_context kcontext )
+{
+    krb5_error_code status = 0;
+
+    status = kdb_free_library( ((kdb5_dal_handle *)kcontext->db_context)->lib_handle );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    free( kcontext->db_context );
+    kcontext->db_context = NULL;
+
+ clean_n_exit:
+    return status;
+}
+
+/*
+ *      External functions... DAL API
+ */
+void krb5_db_clr_error()
+{
+    krb5_clr_error();
+}
+
+krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode )
+{
+    krb5_error_code status = 0;
+    char *section = NULL;
+    kdb5_dal_handle *dal_handle;
+    char buf[KRB5_MAX_ERR_STR];
+
+    section = kdb_get_conf_section( kcontext );
+    if( section == NULL )
+    {
+       sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm  );
+       status = -1;
+       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
+       goto clean_n_exit;
+    }
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args, mode );
+
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    if( section )
+      free(section);
+    return status;
+}
+
+const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code )
+{
+    const char *err_str = NULL;
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    err_str = dal_handle->lib_handle->vftabl.errcode_2_string(kcontext, err_code );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return err_str;
+}
+
+
+krb5_error_code krb5_db_inited  ( krb5_context kcontext )
+{
+    return !(kcontext && kcontext->db_context && 
+            ((kdb5_dal_handle*)kcontext->db_context)->db_context);
+}
+
+krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args )
+{
+    krb5_error_code status = 0;
+    char *section = NULL;
+    kdb5_dal_handle *dal_handle;
+    char buf[KRB5_MAX_ERR_STR];
+
+    section = kdb_get_conf_section( kcontext );
+    if( section == NULL )
+    {
+       sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm  );
+       status = -1;
+       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
+       goto clean_n_exit;
+    }
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_create(kcontext, section, db_args );
+
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    if( section )
+      free(section);
+    return status;
+}
+
+krb5_error_code krb5_db_fini ( krb5_context kcontext )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       /* module not loaded. So nothing to be done */
+       goto clean_n_exit;
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.fini_module( kcontext );
+
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = kdb_free_lib_handle( kcontext );
+
+ clean_n_exit:
+    return status;
+}
+
+
+krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args )
+{
+    krb5_error_code status = 0;
+    char      * section = NULL;
+    kdb5_dal_handle *dal_handle;
+    char buf[KRB5_MAX_ERR_STR];
+
+    section = kdb_get_conf_section( kcontext );
+    if( section == NULL )
+    {
+       sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm  );
+       status = -1;
+       krb5_set_err(kcontext, krb5_err_have_str, status, buf);
+       goto clean_n_exit;
+    }
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_destroy(kcontext, section, db_args );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    if( section )
+      free(section);
+    return status;
+}
+
+krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    /* acquire an exclusive lock, ensures no other thread uses this context */
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, TRUE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode );
+
+    /* exclusive lock is still held, so no other thread could use this context */
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_unlock ( krb5_context kcontext )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    /* normal lock acquired and exclusive lock released */
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_unlock( kcontext );
+
+    kdb_unlock_lib_lock( dal_handle->lib_handle, TRUE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_get_principal ( krb5_context kcontext,
+                                       krb5_const_principal search_for,
+                                       krb5_db_entry *entries,
+                                       int *nentries,
+                                       krb5_boolean *more )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 
+                                                            entries, nentries, more);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_free_principal ( krb5_context kcontext,
+                                        krb5_db_entry *entry,
+                                        int count )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_free_principal( kcontext, entry, count );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+
+krb5_error_code krb5_db_put_principal ( krb5_context kcontext,
+                                       krb5_db_entry *entries,
+                                       int *nentries )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+    char **db_args = NULL;
+    krb5_tl_data *prev, *curr, *next;
+    int db_args_size = 0;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    /* Giving db_args as part of tl data causes, db2 to store the tl_data as such.
+       To prevent this, tl_data is collated and passed as a sepearte argument. Currently supports only one principal.
+       but passing it as a seperate argument makes it difficult for kadmin remote to pass arguments to server */
+    prev=NULL, curr=entries->tl_data; 
+    while(curr)
+    {
+       if( curr->tl_data_type == KRB5_TL_DB_ARGS )
+       {
+           char **t;
+           /* since this is expected to be NULL terminated string and this could come from any client, do a check 
+              before passing it to db. */
+           if( ((char*) curr->tl_data_contents)[curr->tl_data_length-1] != '\0' )
+           {
+               /* not null terminated. Dangerous input */
+               status = EINVAL;
+               goto clean_n_exit;
+           }
+
+           db_args_size++;
+           t = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* 1 for NULL */
+           if( t == NULL )
+           {
+               status = ENOMEM;
+               goto clean_n_exit;
+           }
+
+           db_args = t;
+           db_args[db_args_size-1] = (char*)curr->tl_data_contents;
+           db_args[db_args_size] = NULL;
+
+           next = curr->tl_data_next;
+           if( prev == NULL )
+           {
+               /* current node is the first in the linked list. remove it */
+               entries->tl_data = curr->tl_data_next;
+           }
+           else
+           {
+               prev->tl_data_next = curr->tl_data_next;
+           }
+           entries->n_tl_data--;
+           krb5_db_free( kcontext, curr );
+
+           /* previous does not change */
+           curr = next;
+       }
+       else
+       {
+           prev = curr;
+           curr = curr->tl_data_next;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_put_principal( kcontext, entries, 
+                                                             nentries, db_args );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    while( db_args_size )
+    {
+       if( db_args[db_args_size-1] )
+           krb5_db_free(kcontext, db_args[db_args_size-1]);
+
+       db_args_size--;
+    }
+
+    if( db_args )
+       free(db_args);
+
+    return status;
+}
+
+krb5_error_code krb5_db_delete_principal ( krb5_context kcontext,
+                                          krb5_principal search_for,
+                                          int *nentries )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_delete_principal( kcontext, search_for, nentries );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_iterate ( krb5_context kcontext,
+                                 char *match_entry,
+                                 int (*func) (krb5_pointer, krb5_db_entry *),
+                                 krb5_pointer func_arg )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_iterate( kcontext,
+                                                       match_entry,
+                                                       func,
+                                                       func_arg );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_supported_realms ( krb5_context kcontext,
+                                       char **realms )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_supported_realms( kcontext, realms );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_free_supported_realms ( krb5_context kcontext,
+                                            char **realms )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_free_supported_realms( kcontext, realms );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
+                                            char *pwd,
+                                            krb5_keyblock *key )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.set_master_key( kcontext,
+                                                           pwd,
+                                                           key );
+
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_set_mkey ( krb5_context context, 
+                                  krb5_keyblock *key)
+{
+    return krb5_db_set_master_key_ext ( context, NULL, key );
+}
+
+
+krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
+                               krb5_keyblock **key )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    /* lets use temp key and copy it later to avoid memory problems when freed by the caller */
+    status = dal_handle->lib_handle->vftabl.get_master_key( kcontext,
+                                                           key );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_store_master_key  ( krb5_context kcontext, 
+                                           char *db_arg, 
+                                           krb5_principal mname,
+                                           krb5_keyblock *key,
+                                           char *master_pwd)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.store_master_key( kcontext,
+                                                             db_arg,
+                                                             mname,
+                                                             key,
+                                                             master_pwd);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+
+char *krb5_mkey_pwd_prompt1 = KRB5_KDC_MKEY_1;
+char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2;
+
+
+krb5_error_code krb5_db_fetch_mkey  ( krb5_context   context,
+                                     krb5_principal mname,
+                                     krb5_enctype   etype,
+                                     krb5_boolean   fromkeyboard,
+                                     krb5_boolean   twice,
+                                     char          *db_args,
+                                     krb5_data     *salt,
+                                     krb5_keyblock *key)
+{
+    krb5_error_code retval;
+    char password[BUFSIZ];
+    krb5_data pwd;
+    unsigned int size = sizeof(password);
+    int kvno;
+    krb5_keyblock tmp_key;
+
+    memset( &tmp_key, 0, sizeof(tmp_key) );
+
+    if (fromkeyboard) {
+       krb5_data scratch;
+
+       if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
+                                        twice ? krb5_mkey_pwd_prompt2 : 0,
+                                        password, &size)))
+       {
+           goto clean_n_exit;
+       }
+
+       pwd.data = password;
+       pwd.length = size;
+       if (!salt) {
+               retval = krb5_principal2salt(context, mname, &scratch);
+               if (retval)
+                   goto clean_n_exit;
+       }
+       retval = krb5_c_string_to_key(context, etype, &pwd, salt?salt:&scratch,
+                                     key);
+
+       if (!salt)
+               krb5_xfree(scratch.data);
+       memset(password, 0, sizeof(password)); /* erase it */
+
+    } else {
+       kdb5_dal_handle *dal_handle;
+
+       if( context->db_context == NULL )
+       {
+           retval = kdb_setup_lib_handle( context );
+           if( retval )
+           {
+               goto clean_n_exit;
+           }
+       }
+
+       dal_handle = (kdb5_dal_handle *) context->db_context;
+       retval  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+       if( retval )
+       {
+           goto clean_n_exit;
+       }
+
+       tmp_key.enctype = key->enctype;
+       retval = dal_handle->lib_handle->vftabl.fetch_master_key( context,
+                                                                 mname,
+                                                                 &tmp_key,
+                                                                 &kvno,
+                                                                 db_args);
+       kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+       if( retval )
+       {
+           goto clean_n_exit;
+       }
+
+       key->contents = malloc( tmp_key.length );
+       if( key->contents == NULL )
+       {
+           retval = ENOMEM;
+           goto clean_n_exit;
+       }
+
+       key->magic = tmp_key.magic;
+       key->enctype = tmp_key.enctype;
+       key->length  = tmp_key.length;
+       memcpy(key->contents, tmp_key.contents, tmp_key.length);
+    }
+
+ clean_n_exit:
+    if( tmp_key.contents )
+    {
+       memset( tmp_key.contents, 0, tmp_key.length );
+       krb5_db_free( context, tmp_key.contents );
+    }
+    return retval;
+}
+
+
+krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext,
+                                           krb5_principal mprinc,
+                                           krb5_keyblock *mkey )
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.verify_master_key( kcontext,
+                                                              mprinc,
+                                                              mkey );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+
+void *krb5_db_alloc( krb5_context kcontext,
+                    void *ptr,
+                    size_t size )
+{
+    krb5_error_code status;
+    kdb5_dal_handle *dal_handle;
+    void *new_ptr = NULL;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+
+    new_ptr = dal_handle->lib_handle->vftabl.db_alloc( kcontext,
+                                                      ptr,
+                                                      size );
+
+ clean_n_exit:
+    return new_ptr;
+}
+
+void krb5_db_free( krb5_context kcontext,
+                   void *ptr)
+{
+    krb5_error_code status;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+
+    dal_handle->lib_handle->vftabl.db_free( kcontext,
+                                           ptr );
+
+ clean_n_exit:
+    return;
+}
+
+/* has to be modified */
+
+krb5_error_code
+krb5_dbe_find_enctype( krb5_context    kcontext,
+                      krb5_db_entry    *dbentp,
+                      krb5_int32               ktype,
+                      krb5_int32               stype,
+                      krb5_int32               kvno,
+                      krb5_key_data    **kdatap)
+{
+    krb5_int32 start = 0;
+    return krb5_dbe_search_enctype( kcontext, dbentp, &start, ktype, stype, kvno, kdatap );
+}
+
+
+krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, 
+                                         krb5_db_entry *dbentp, 
+                                         krb5_int32 *start, 
+                                         krb5_int32 ktype, 
+                                         krb5_int32 stype, 
+                                         krb5_int32 kvno, 
+                                         krb5_key_data **kdatap)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.dbe_search_enctype( kcontext,
+                                                               dbentp,
+                                                               start,
+                                                               ktype,
+                                                               stype,
+                                                               kvno,
+                                                               kdatap );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+
+#define        REALM_SEP_STRING        "@"
+
+krb5_error_code
+krb5_db_setup_mkey_name ( krb5_context context,
+                         const char *keyname,
+                         const char *realm,
+                         char **fullname,
+                         krb5_principal *principal)
+{
+    krb5_error_code retval;
+    size_t keylen;
+    size_t rlen = strlen(realm);
+    char *fname;
+    
+    if (!keyname)
+       keyname = KRB5_KDB_M_NAME;      /* XXX external? */
+
+    keylen = strlen(keyname);
+        
+    fname = malloc(keylen+rlen+strlen(REALM_SEP_STRING)+1);
+    if (!fname)
+       return ENOMEM;
+
+    strcpy(fname, keyname);
+    strcat(fname, REALM_SEP_STRING);
+    strcat(fname, realm);
+
+    if ((retval = krb5_parse_name(context, fname, principal)))
+       return retval;
+    if (fullname)
+       *fullname = fname;
+    else
+       free(fname);
+    return 0;
+}
+
+
+
+                                                                                                                            
+krb5_error_code
+krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_timestamp      * stamp;
+{
+    krb5_tl_data        tl_data;
+    krb5_error_code     code;
+    krb5_int32          tmp;
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return(code);
+
+    if (tl_data.tl_data_length != 4) {
+        *stamp = 0;
+        return(0);
+    }
+
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
+
+    *stamp = (krb5_timestamp) tmp;
+
+    return(0);
+}
+
+krb5_error_code
+krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_tl_data        * ret_tl_data;
+{
+    krb5_tl_data *tl_data;
+
+    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return(0);
+        }
+    }
+
+    /* if the requested record isn't found, return zero bytes.
+       if it ever means something to have a zero-length tl_data,
+       this code and its callers will have to be changed */
+
+    ret_tl_data->tl_data_length = 0;
+    ret_tl_data->tl_data_contents = NULL;
+    return(0);
+}
+
+krb5_error_code
+krb5_dbe_create_key_data(context, entry)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+{
+    if ((entry->key_data =
+         (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
+                                        (sizeof(krb5_key_data)*
+                                         (entry->n_key_data + 1)))) == NULL)
+        return(ENOMEM);
+                                                                                                                            
+                                                                                                                            
+    memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
+    entry->n_key_data++;
+                                                                                                                            
+    return 0;
+}
+                                                                                                                            
+krb5_error_code
+krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_timestamp        mod_date;
+    krb5_const_principal  mod_princ;
+{
+    krb5_tl_data          tl_data;
+                                                                                                                            
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
+                                                                                                                            
+    if ((retval = krb5_unparse_name(context, mod_princ,
+                                    &unparse_mod_princ)))
+        return(retval);
+                                                                                                                            
+    unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
+                                                                                                                            
+    if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
+    }
+                                                                                                                            
+    tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
+    tl_data.tl_data_length = unparse_mod_princ_size + 4;
+    tl_data.tl_data_contents = nextloc;
+                                                                                                                            
+    /* Mod Date */
+    krb5_kdb_encode_int32(mod_date, nextloc);
+                                                                                                                                          
+    /* Mod Princ */
+    memcpy(nextloc+4, unparse_mod_princ, unparse_mod_princ_size);
+                                                                                                                            
+    retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
+                                                                                                                            
+    free(unparse_mod_princ);
+    free(nextloc);
+                                                                                                                            
+    return(retval);
+}
+                                                                                                                            
+krb5_error_code
+krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_timestamp      * mod_time;
+    krb5_principal      * mod_princ;
+{
+    krb5_tl_data        tl_data;
+    krb5_error_code     code;
+                                                                                                                            
+    tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
+                                                                                                                            
+    if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
+        return(code);
+                                                                                                                            
+    if ((tl_data.tl_data_length < 5) ||
+        (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
+        return(KRB5_KDB_TRUNCATED_RECORD);
+                                                                                                                            
+    /* Mod Date */
+    krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
+                                                                                                                            
+    /* Mod Princ */
+    if ((code = krb5_parse_name(context,
+                                (const char *) (tl_data.tl_data_contents+4),
+                                mod_princ)))
+        return(code);
+                                                                                                                            
+    return(0);
+}
+
+
+krb5_error_code
+krb5_dbe_update_last_pwd_change(context, entry, stamp)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_timestamp       stamp;
+{
+    krb5_tl_data        tl_data;
+    krb5_octet          buf[4]; /* this is the encoded size of an int32 */
+
+    tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
+    tl_data.tl_data_length = sizeof(buf); 
+    krb5_kdb_encode_int32((krb5_int32) stamp, buf);
+    tl_data.tl_data_contents = buf;
+
+    return(krb5_dbe_update_tl_data(context, entry, &tl_data));
+}
+
+
+krb5_error_code
+krb5_dbe_update_tl_data(context, entry, new_tl_data)
+    krb5_context          context;
+    krb5_db_entry       * entry;
+    krb5_tl_data        * new_tl_data;
+{
+    krb5_tl_data        * tl_data = NULL;
+    krb5_octet          * tmp;
+                                                                                                                            
+    /* copy the new data first, so we can fail cleanly if malloc()
+       fails */
+    if ((tmp = (krb5_octet *) krb5_db_alloc(context, NULL, new_tl_data->tl_data_length)) == NULL)
+        return(ENOMEM);
+                                                                                                                            
+    /* Find an existing entry of the specified type and point at
+       it, or NULL if not found */
+
+    if( new_tl_data->tl_data_type != KRB5_TL_DB_ARGS ) /* db_args can be multiple */
+    {
+       for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next)
+           if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+               break;
+    }
+                                                                                                           
+    /* if necessary, chain a new record in the beginning and point at it */
+                                                                                                                            
+    if (!tl_data) {
+        if ((tl_data = (krb5_tl_data *) krb5_db_alloc(context, NULL,  sizeof(krb5_tl_data)))
+            == NULL) {
+            free(tmp);
+            return(ENOMEM);
+        }
+       memset( tl_data, 0, sizeof(krb5_tl_data));
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
+    }
+                                                                                                                            
+    /* fill in the record */
+                                                                                                                            
+    if (tl_data->tl_data_contents)
+        krb5_db_free(context, tl_data->tl_data_contents);
+                                                                                                                            
+    tl_data->tl_data_type = new_tl_data->tl_data_type;
+    tl_data->tl_data_length = new_tl_data->tl_data_length;
+    tl_data->tl_data_contents = tmp;
+    memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
+                                                                                                                            
+    return(0);
+}
+                                                                                                                            
+
+
+/* change password functions */
+krb5_error_code
+krb5_dbe_cpw( krb5_context       kcontext,
+             krb5_keyblock       * master_key,
+             krb5_key_salt_tuple       * ks_tuple,
+             int                         ks_tuple_count,
+             char              * passwd,
+             int                         new_kvno,
+             krb5_boolean        keepold,
+             krb5_db_entry     * db_entry)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+       status = kdb_setup_lib_handle( kcontext );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_change_pwd( kcontext,
+                                                          master_key,
+                                                          ks_tuple,
+                                                          ks_tuple_count,
+                                                          passwd,
+                                                          new_kvno,
+                                                          keepold,
+                                                          db_entry );
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+
+/* policy management functions */
+krb5_error_code krb5_db_create_policy( krb5_context kcontext, osa_policy_ent_t policy)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_create_policy(kcontext, policy);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_get_policy ( krb5_context kcontext, char *name, osa_policy_ent_t *policy, int *cnt)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_get_policy(kcontext, name, policy, cnt);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_put_policy( krb5_context kcontext, osa_policy_ent_t policy)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_put_policy(kcontext, policy);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+krb5_error_code krb5_db_iter_policy( krb5_context kcontext, char *match_entry, osa_adb_iter_policy_func func, void *data)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_iter_policy(kcontext, match_entry, func, data);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+krb5_error_code krb5_db_delete_policy( krb5_context kcontext, char *policy)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    status = dal_handle->lib_handle->vftabl.db_delete_policy(kcontext, policy);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return status;
+}
+
+void krb5_db_free_policy( krb5_context kcontext, osa_policy_ent_t policy)
+{
+    krb5_error_code status = 0;
+    kdb5_dal_handle *dal_handle;
+
+    if( kcontext->db_context == NULL )
+    {
+        status = kdb_setup_lib_handle( kcontext );
+        if( status )
+        {
+            goto clean_n_exit;
+        }
+    }
+
+    dal_handle = (kdb5_dal_handle *) kcontext->db_context;
+    status  = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE );
+    if( status )
+    {
+       goto clean_n_exit;
+    }
+
+    dal_handle->lib_handle->vftabl.db_free_policy(kcontext, policy);
+    kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE );
+
+ clean_n_exit:
+    return;
+}
+
diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h
new file mode 100644 (file)
index 0000000..93b594a
--- /dev/null
@@ -0,0 +1,219 @@
+#ifndef _KRB5_KDB5_H_
+#define _KRB5_KDB5_H_
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include <errno.h>
+#include <utime.h>
+#include <utime.h>
+#include <k5-int.h>
+#include "err_handle.h"
+
+#define KDB_MAX_DB_NAME 128
+#define KDB_REALM_SECTION  "realms"
+#define KDB_MODULE_POINTER "database_module"
+#define KDB_MODULE_SECTION "db_modules"
+#define KDB_LIB_POINTER    "db_library"
+#define KDB_DATABASE_CONF_FILE  DEFAULT_SECURE_PROFILE_PATH
+#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV
+
+#define KRB5_KDB_OPEN_RW                0
+#define KRB5_KDB_OPEN_RO                1
+
+#define KRB5_KDB_OPT_SET_DB_NAME        0
+#define KRB5_KDB_OPT_SET_LOCK_MODE      1
+
+#define KRB5_DB_GET_DB_CONTEXT(kcontext)   ( ((kdb5_dal_handle*) (kcontext)->db_context)->db_context )
+#define KRB5_DB_GET_PROFILE(kcontext)  ( (kcontext)->profile )
+#define KRB5_DB_GET_REALM(kcontext)    ( (kcontext)->default_realm )
+
+#ifndef KRB5_DB_LOCKMODE_SHARED
+#define KRB5_DB_LOCKMODE_SHARED       0x0001
+#endif
+
+#ifndef KRB5_DB_LOCKMODE_EXCLUSIVE
+#define KRB5_DB_LOCKMODE_EXCLUSIVE    0x0002
+#endif
+
+#ifndef KRB5_DB_LOCKMODE_DONTBLOCK
+#define KRB5_DB_LOCKMODE_DONTBLOCK    0x0004
+#endif
+
+#ifndef KRB5_DB_LOCKMODE_PERMANENT
+#define KRB5_DB_LOCKMODE_PERMANENT    0x0008
+#endif
+
+typedef struct _kdb_vftabl{
+    short int maj_ver;
+    short int min_ver;
+
+    short int is_thread_safe;
+
+    krb5_error_code (*init_library)(krb5_set_err_func_t);
+    krb5_error_code (*fini_library)();
+    krb5_error_code (*init_module) ( krb5_context kcontext,
+                                    char * conf_section,
+                                    char ** db_args,
+                                    int mode );
+
+    krb5_error_code (*fini_module) ( krb5_context kcontext );
+
+    krb5_error_code (*db_create) ( krb5_context kcontext,
+                                  char * conf_section,
+                                  char ** db_args );
+
+    krb5_error_code (*db_destroy) ( krb5_context kcontext,
+                                   char *conf_section,
+                                   char ** db_args );
+
+    krb5_error_code (*db_get_age) ( krb5_context kcontext, 
+                                   char *db_name, 
+                                   time_t *age );
+
+    krb5_error_code (*db_set_option) ( krb5_context kcontext,
+                                      int option,
+                                      void *value );
+
+    krb5_error_code (*db_lock) ( krb5_context kcontext,
+                                int mode );
+
+    krb5_error_code (*db_unlock) ( krb5_context kcontext);
+
+    krb5_error_code (*db_get_principal) ( krb5_context kcontext,
+                                         krb5_const_principal search_for,
+                                         krb5_db_entry *entries,
+                                         int *nentries,
+                                         krb5_boolean *more );
+
+    krb5_error_code (*db_free_principal) ( krb5_context kcontext,
+                                          krb5_db_entry *entry,
+                                          int count );
+
+    krb5_error_code (*db_put_principal) ( krb5_context kcontext,
+                                         krb5_db_entry *entries,
+                                         int *nentries,
+                                         char **db_args);
+
+    krb5_error_code (*db_delete_principal) ( krb5_context kcontext,
+                                            krb5_const_principal search_for,
+                                            int *nentries );
+
+    krb5_error_code (*db_iterate) ( krb5_context kcontext,
+                                   char *match_entry,
+                                   int (*func) (krb5_pointer, krb5_db_entry *),
+                                   krb5_pointer func_arg );
+
+    krb5_error_code (*db_create_policy) ( krb5_context kcontext,
+                                         osa_policy_ent_t policy );
+
+    krb5_error_code (*db_get_policy) ( krb5_context kcontext,
+                                      char *name,
+                                      osa_policy_ent_t *policy,
+                                      int *cnt);
+
+    krb5_error_code (*db_put_policy) ( krb5_context kcontext,
+                                      osa_policy_ent_t policy );
+
+    krb5_error_code (*db_iter_policy) ( krb5_context kcontext,
+                                       char *match_entry,
+                                       osa_adb_iter_policy_func func,
+                                       void *data );
+
+
+    krb5_error_code (*db_delete_policy) ( krb5_context kcontext,
+                                         char *policy );
+
+    void (*db_free_policy) ( krb5_context kcontext,
+                            osa_policy_ent_t val );
+
+    krb5_error_code (*db_supported_realms) ( krb5_context kcontext,
+                                           char **realms );
+
+    krb5_error_code (*db_free_supported_realms) ( krb5_context kcontext,
+                                                 char **realms );
+
+
+    const char * (*errcode_2_string) ( krb5_context kcontext,
+                                      long err_code );
+
+    void * (*db_alloc) (krb5_context kcontext, void *ptr, size_t size);
+    void   (*db_free)  (krb5_context kcontext, void *ptr);
+
+
+
+    /* optional functions */
+    krb5_error_code (*set_master_key)    ( krb5_context kcontext, 
+                                          char *pwd, 
+                                          krb5_keyblock *key);
+
+    krb5_error_code (*get_master_key)    ( krb5_context kcontext,
+                                          krb5_keyblock **key);
+
+
+    krb5_error_code (*setup_master_key_name) ( krb5_context kcontext,
+                                              char *keyname,
+                                              char *realm, 
+                                              char **fullname, 
+                                              krb5_principal  *principal);
+
+    krb5_error_code (*store_master_key)  ( krb5_context kcontext, 
+                                          char *db_arg, 
+                                          krb5_principal mname,
+                                          krb5_keyblock *key,
+                                          char *master_pwd);
+
+    krb5_error_code (*fetch_master_key)  ( krb5_context kcontext,
+                                          krb5_principal mname,
+                                          krb5_keyblock *key,
+                                          int *kvno,
+                                          char *db_args);
+
+    krb5_error_code (*verify_master_key) ( krb5_context kcontext,
+                                          krb5_principal mprinc,
+                                          krb5_keyblock *mkey );
+
+    krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, 
+                                           krb5_db_entry *dbentp, 
+                                           krb5_int32 *start, 
+                                           krb5_int32 ktype, 
+                                           krb5_int32 stype, 
+                                           krb5_int32 kvno, 
+                                           krb5_key_data **kdatap);
+    
+
+    krb5_error_code
+    (*db_change_pwd) ( krb5_context      context,
+                      krb5_keyblock       * master_key,
+                      krb5_key_salt_tuple      * ks_tuple,
+                      int                        ks_tuple_count,
+                      char             * passwd,
+                      int                        new_kvno,
+                      krb5_boolean       keepold,
+                      krb5_db_entry    * db_entry);
+
+} kdb_vftabl;
+
+typedef struct _db_library {
+    char name[KDB_MAX_DB_NAME];
+    int reference_cnt;
+#ifdef HAVE_PTHREAD_H
+    pthread_mutex_t lib_lock;
+    pthread_cond_t unlocked; /*  To check whether some one has called db_unlock */
+    int recursive_cnt;               /* this is used as lock to help recursive locking */
+    pthread_t lock_holder;
+    int excl;
+#endif
+    void *dl_handle;
+    kdb_vftabl vftabl;
+    struct _db_library *next, *prev;
+} *db_library;
+
+typedef struct _kdb5_dal_handle
+{
+    void *db_context;               /* helps us to change db_library without affecting modules to some extend */
+    db_library lib_handle;
+} kdb5_dal_handle;
+
+#endif  /* end of _KRB5_KDB5_H_ */
index 962a2b540ac1fdd4941e20f0a9bae312edd4a921..f873a3945a8b783fe60a00038a50b7cd2132f0c9 100644 (file)
@@ -52,7 +52,6 @@
  */
 
 #include "k5-int.h"
-#include "krb5/adm.h"
 #include <stdio.h>
 #include <errno.h>
 
@@ -86,11 +85,11 @@ cleanup_key_data(context, count, data)
     for (i = 0; i < count; i++) {
        for (j = 0; j < data[i].key_data_ver; j++) {
            if (data[i].key_data_length[j]) {
-               free(data[i].key_data_contents[j]);
+               krb5_db_free(context, data[i].key_data_contents[j]);
            }
        }
     }
-    free(data);
+    krb5_db_free(context, data);
 }
 
 static krb5_error_code
@@ -106,8 +105,13 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
     krb5_keyblock        key;
     krb5_db_entry        krbtgt_entry;
     krb5_boolean         more;
-    int                          max_kvno, one, i, j;
+    int                          max_kvno, one, i, j, k;
     krb5_error_code      retval;
+    krb5_key_data         tmp_key_data;
+    krb5_key_data        *tptr;
+
+    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
+
 
     retval = krb5_build_principal_ext(context, &krbtgt_princ,
                                      db_entry->princ->realm.length,
@@ -176,19 +180,59 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno)
                                             &key)))
            goto add_key_rnd_err;
 
+
+       /* db library will free this. Since, its a so, it could actually be using different memory management
+          function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used
+          here which will later be copied to the db_entry */
        retval = krb5_dbekd_encrypt_key_data(context, master_key, 
                                             &key, NULL, kvno, 
-                                            &db_entry->key_data[db_entry->n_key_data-1]);
+                                            &tmp_key_data); 
 
        krb5_free_keyblock_contents(context, &key);
-
-       if (retval)
+       if( retval )
            goto add_key_rnd_err;
+
+       tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+       tptr->key_data_ver = tmp_key_data.key_data_ver;
+       tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+       for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+       {
+           tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+           tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+           if( tmp_key_data.key_data_contents[k] )
+           {
+               tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+               if( tptr->key_data_contents[k] == NULL )
+               {
+                   cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+                   db_entry->key_data = NULL;
+                   db_entry->n_key_data = 0;
+                   retval = ENOMEM;
+                   goto add_key_rnd_err;
+               }
+               memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+               memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+               free( tmp_key_data.key_data_contents[k] );
+               tmp_key_data.key_data_contents[k] = NULL;
+           }
+       }
+
     }
 
 add_key_rnd_err:
     krb5_db_free_principal(context, &krbtgt_entry, one);
 
+    for( i = 0; i < tmp_key_data.key_data_ver; i++ )
+    {
+       if( tmp_key_data.key_data_contents[i] )
+       {
+           memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+           free( tmp_key_data.key_data_contents[i] );
+       }
+    }
     return(retval);
 }
 
@@ -242,6 +286,7 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry)
            db_entry->key_data[i+n_new_key_data] = key_data[i];
            memset(&key_data[i], 0, sizeof(krb5_key_data));
        }
+       krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */
     } else {
        cleanup_key_data(context, key_data_count, key_data);
     }
@@ -321,7 +366,11 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
     krb5_keysalt         key_salt;
     krb5_keyblock        key;
     krb5_data            pwd;
-    int                          i, j;
+    int                          i, j, k;
+    krb5_key_data         tmp_key_data;
+    krb5_key_data        *tptr;
+
+    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
 
     retval = 0;
 
@@ -424,18 +473,56 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
            key_salt.data.length = 
              krb5_princ_realm(context, db_entry->princ)->length;
 
-       if ((retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
-                    (const krb5_keysalt *)&key_salt,
-                    kvno, &db_entry->key_data[db_entry->n_key_data-1]))) {
-           if (key_salt.data.data)
-                free(key_salt.data.data);
-           krb5_xfree(key.contents);
-           return(retval);
-       }
+       /* memory allocation to be done by db. So, use temporary block and later copy
+          it to the memory allocated by db */
+       retval = krb5_dbekd_encrypt_key_data(context, master_key, &key,
+                                            (const krb5_keysalt *)&key_salt,
+                                            kvno, &tmp_key_data);
        if (key_salt.data.data)
-            free(key_salt.data.data);
+           free(key_salt.data.data);
        krb5_xfree(key.contents);
+
+       if( retval )
+           return retval;
+
+       tptr = &db_entry->key_data[db_entry->n_key_data-1];
+
+       tptr->key_data_ver = tmp_key_data.key_data_ver;
+       tptr->key_data_kvno = tmp_key_data.key_data_kvno;
+
+       for( k = 0; k < tmp_key_data.key_data_ver; k++ )
+       {
+           tptr->key_data_type[k] = tmp_key_data.key_data_type[k];
+           tptr->key_data_length[k] = tmp_key_data.key_data_length[k];
+           if( tmp_key_data.key_data_contents[k] )
+           {
+               tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]);
+               if( tptr->key_data_contents[k] == NULL )
+               {
+                   cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data);
+                   db_entry->key_data = NULL;
+                   db_entry->n_key_data = 0;
+                   retval = ENOMEM;
+                   goto add_key_pwd_err;
+               }
+               memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]);
+
+               memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]);
+               free( tmp_key_data.key_data_contents[k] );
+               tmp_key_data.key_data_contents[k] = NULL;
+           }
+       }
+    }
+ add_key_pwd_err:
+    for( i = 0; i < tmp_key_data.key_data_ver; i++ )
+    {
+       if( tmp_key_data.key_data_contents[i] )
+       {
+           memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
+           free( tmp_key_data.key_data_contents[i] );
+       }
     }
+
     return(retval);
 }
 
@@ -446,7 +533,7 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
  * As a side effect all old keys are nuked if keepold is false.
  */
 krb5_error_code
-krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
+krb5_dbe_def_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
             new_kvno, keepold, db_entry)
     krb5_context         context;
     krb5_keyblock       * master_key;
@@ -495,6 +582,7 @@ krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd,
            db_entry->key_data[i+n_new_key_data] = key_data[i];
            memset(&key_data[i], 0, sizeof(krb5_key_data));
        }
+       krb5_db_free( context, key_data );
     } else {
        cleanup_key_data(context, key_data_count, key_data);
     }
@@ -556,3 +644,5 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry)
     }
     return(retval);
 }
+
+
diff --git a/src/lib/kdb/kdb_db2/ChangeLog b/src/lib/kdb/kdb_db2/ChangeLog
new file mode 100644 (file)
index 0000000..6ebc2a0
--- /dev/null
@@ -0,0 +1,17 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * adb_openclose.c:
+       * adb_policy.c:
+       * configure.in:
+       * db2_exp.c:
+       * kdb_compat.h:
+       * kdb_db2.c:
+       * kdb_db2.h:
+       * kdb_xdr.c:
+       * kdb_xdr.h:
+       * libkdb_db2.exports:
+       * pol_xdr.c:
+       * policy_db.h:
+
diff --git a/src/lib/kdb/kdb_db2/Makefile.in b/src/lib/kdb/kdb_db2/Makefile.in
new file mode 100644 (file)
index 0000000..ebd39f0
--- /dev/null
@@ -0,0 +1,150 @@
+thisconfigdir=.
+myfulldir=lib/kdb/kdb_db2
+mydir=.
+BUILDTOP=$(REL)..$(S)..$(S)..
+KRB5_RUN_ENV = @KRB5_RUN_ENV@
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+LOCALINCLUDES = -I..
+
+LIBBASE=kdb_db2
+LIB=$(LIBBASE)
+LIBMAJOR=4
+LIBMINOR=0
+RELDIR=kdb/kdb_db2
+SO_EXT=.so
+# Depends on libk5crypto and libkrb5
+
+SHLIB_EXPDEPS = \
+       $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
+       $(TOPLIBD)/libkrb5$(SHLIBEXT)
+SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(LIBS)
+SHLIB_DIRS=-L$(TOPLIBD)
+SHLIB_RDIRS=$(KRB5_LIBDIR)
+
+DBDIR = $(BUILDTOP)/util/db2
+DBOBJLISTS = $(DBOBJLISTS-@DB_VERSION@)
+DBOBJLISTS-sys =
+DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \
+       $(DBDIR)/db/OBJS.ST $(DBDIR)/mpool/OBJS.ST $(DBDIR)/recno/OBJS.ST \
+       $(DBDIR)/clib/OBJS.ST
+
+all:: lib$(LIB)$(SO_EXT)
+
+SRCS= \
+       $(srcdir)/kdb_xdr.c \
+       $(srcdir)/adb_openclose.c \
+       $(srcdir)/adb_policy.c \
+       $(srcdir)/kdb_db2.c \
+       $(srcdir)/pol_xdr.c \
+       $(srcdir)/db2_exp.c
+
+STOBJLISTS=OBJS.ST $(DBOBJLISTS)
+STLIBOBJS= \
+       kdb_xdr.o \
+       adb_openclose.o \
+       adb_policy.o \
+       kdb_db2.o \
+       pol_xdr.o \
+       db2_exp.o
+
+all-unix:: all-liblinks
+install-unix:: install-libs
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+
+lib$(LIB)$(SO_EXT):  db2_exp.o # lib$(LIB)$(STLIBEXT)
+       $(CC) -shared -o $@ -L$(TOPLIBD) $^ -lgssrpc -ldb $(SHLIB_EXPLIBS) 
+
+clean::
+       $(RM) lib$(LIB)$(SO_EXT) db2_exp.o
+
+
+t_kdb: t_kdb.o $(OBJS) $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+       $(CC_LINK) -o t_kdb t_kdb.o $(OBJS) $(KDB5_LIBS) $(KRB5_BASE_LIBS)
+
+check::        t_kdb
+       $(RM) test_db
+       $(KRB5_CONFIG_SETUP) $(KRB5_RUN_ENV) ./t_kdb -tcv
+       $(KRB5_CONFIG_SETUP) $(KRB5_RUN_ENV) ./t_kdb -tcvr
+
+clean::
+       $(RM) t_kdb t_kdb.o
+
+
+adb_openclose.c adb_policy.c : ../adb_err.h
+
+# @lib_frag@
+# @libobj_frag@
+
+# +++ Dependency line eater +++
+# 
+# Makefile dependencies follow.  This must be the last section in
+# the Makefile.in file
+#
+kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): kdb_xdr.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  kdb_xdr.h
+adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \
+  adb_openclose.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  policy_db.h $(SRCTOP)/include/krb5/kdb.h $(DB_DEPS) \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h
+adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \
+  adb_policy.c policy_db.h $(SRCTOP)/include/k5-int.h \
+  $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \
+  $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \
+  $(DB_DEPS) $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h
+kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): kdb_db2.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(DB_DEPS) $(srcdir)/../kdb5.h $(SRCTOP)/include/k5-int.h \
+  $(srcdir)/../err_handle.h kdb_db2.h policy_db.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h kdb_xdr.h \
+  kdb_compat.h
+pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): pol_xdr.c \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \
+  $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \
+  $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \
+  $(BUILDTOP)/include/gssrpc/svc.h $(SRCTOP)/include/krb5/kdb.h \
+  policy_db.h $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \
+  $(SRCTOP)/include/krb5/kdb.h $(DB_DEPS) ../adb_err.h
+db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): db2_exp.c \
+  $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \
+  $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \
+  $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \
+  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \
+  $(DB_DEPS) $(srcdir)/../kdb5.h $(SRCTOP)/include/k5-int.h \
+  $(srcdir)/../err_handle.h kdb_db2.h policy_db.h $(SRCTOP)/include/krb5/kdb.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \
+  $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h kdb_xdr.h
similarity index 89%
rename from src/lib/kadm5/srv/adb_openclose.c
rename to src/lib/kdb/kdb_db2/adb_openclose.c
index 7bb671e9c057a71fc62c85662b1ce7814075f1f1..97ce1123b256f3b0dcf1bc6fdd3a44d8fe94df7c 100644 (file)
@@ -11,8 +11,10 @@ static char *rcsid = "$Header$";
 #include       <sys/file.h>
 #include       <fcntl.h>
 #include       <unistd.h>
-#include       "adb.h"
+#include        <k5-int.h>
+#include       "policy_db.h"
 #include       <stdlib.h>
+#include        <db.h>
 
 #define MAX_LOCK_TRIES 5
 
@@ -21,8 +23,8 @@ struct _locklist {
      struct _locklist *next;
 };
 
-osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
-                               int magic)
+krb5_error_code osa_adb_create_db(char *filename, char *lockfilename,
+                                 int magic)
 {
      int lf;
      DB *db;
@@ -51,7 +53,7 @@ osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename,
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename,
+krb5_error_code osa_adb_destroy_db(char *filename, char *lockfilename,
                                 int magic)
 {
      /* the admin databases do not contain security-critical data */
@@ -61,11 +63,11 @@ osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename,
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
+krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
                                char *fileto, char *lockto, int magic)
 {
      osa_adb_db_t fromdb, todb;
-     osa_adb_ret_t ret;
+     krb5_error_code ret;
 
      /* make sure todb exists */
      if ((ret = osa_adb_create_db(fileto, lockto, magic)) &&
@@ -78,12 +80,12 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
          (void) osa_adb_fini_db(fromdb, magic);
          return ret;
      }
-     if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) {
+     if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) {
          (void) osa_adb_fini_db(fromdb, magic);
          (void) osa_adb_fini_db(todb, magic);
          return ret;
      }
-     if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) {
+     if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) {
          (void) osa_adb_fini_db(fromdb, magic);
          (void) osa_adb_fini_db(todb, magic);
          return ret;
@@ -108,7 +110,7 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom,
      return 0;
 }
 
-osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
                              char *lockfilename, int magic)
 {
      osa_adb_db_t db;
@@ -188,7 +190,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
      if (lockp->lockinfo.lockfile == NULL) {
          if ((code = krb5_init_context(&lockp->lockinfo.context))) {
               free(db);
-              return((osa_adb_ret_t) code);
+              return((krb5_error_code) code);
          }
 
          /*
@@ -223,7 +225,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic)
+krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic)
 {
      if (db->magic != magic)
          return EINVAL;
@@ -242,7 +244,7 @@ osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic)
           * after trashing it.  This has to be allowed, so don't
           * generate an error.
           */
-         if (db->lock->lockmode != OSA_ADB_PERMANENT)
+         if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
               (void) fclose(db->lock->lockfile);
          db->lock->lockfile = NULL;
          krb5_free_context(db->lock->context);
@@ -254,9 +256,9 @@ osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic)
      return OSA_ADB_OK;
 }     
      
-osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
+krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
 {
-     int tries, gotlock, perm, krb5_mode, ret;
+     int tries, gotlock, perm, krb5_mode, ret = 0;
 
      if (db->lock->lockmode >= mode) {
          /* No need to upgrade lock, just incr refcnt and return */
@@ -266,12 +268,12 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
 
      perm = 0;
      switch (mode) {
-       case OSA_ADB_PERMANENT:
+       case KRB5_DB_LOCKMODE_PERMANENT:
          perm = 1;
-       case OSA_ADB_EXCLUSIVE:
+       case KRB5_DB_LOCKMODE_EXCLUSIVE:
          krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
          break;
-       case OSA_ADB_SHARED:
+       case KRB5_DB_LOCKMODE_SHARED:
          krb5_mode = KRB5_LOCKMODE_SHARED;
          break;
        default:
@@ -284,7 +286,7 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
                                    krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
               gotlock++;
               break;
-         } else if (ret == EBADF && mode == OSA_ADB_EXCLUSIVE)
+         } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
               /* tried to exclusive-lock something we don't have */
               /* write access to */
               return OSA_ADB_NOEXCL_PERM;
@@ -339,7 +341,7 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode)
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
+krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
 {
      int ret, fd;
      
@@ -347,7 +349,7 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
          return OSA_ADB_NOTLOCKED;
 
      if (--db->lock->lockcnt == 0) {
-         if (db->lock->lockmode == OSA_ADB_PERMANENT) {
+         if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
               /* now we need to create the file since it does not exist */
                fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
                                    0600);
@@ -363,7 +365,7 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db)
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
+krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
 {
      int ret;
 
@@ -395,7 +397,7 @@ open_ok:
      return OSA_ADB_OK;
 }
 
-osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db)
+krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db)
 {
      if (--db->opencnt)
          return osa_adb_release_lock(db);
similarity index 82%
rename from src/lib/kadm5/srv/adb_policy.c
rename to src/lib/kdb/kdb_db2/adb_policy.c
index f081551d733808bc0c64b85b9756c34e05c57dee..e338cbbd022437054ecc4bb6c78dc3a7d466e8a0 100644 (file)
@@ -10,12 +10,11 @@ static char *rcsid = "$Header$";
 
 #include       <sys/file.h>
 #include       <fcntl.h>
-#include       "adb.h"
+#include       "policy_db.h"
 #include       <stdlib.h>
 #include       <string.h>
 #include <errno.h>
 
-
 #define OPENLOCK(db, mode) \
 { \
        int olret; \
@@ -34,42 +33,6 @@ static char *rcsid = "$Header$";
          return cl_ret; \
 }
 
-osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params)
-{
-     return osa_adb_create_db(params->admin_dbname,
-                             params->admin_lockfile,
-                             OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_rename_policy_db(kadm5_config_params *fromparams,
-                                      kadm5_config_params *toparams)
-{
-     return osa_adb_rename_db(fromparams->admin_dbname,
-                             fromparams->admin_lockfile,
-                             toparams->admin_dbname,
-                             toparams->admin_lockfile,
-                             OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_destroy_policy_db(kadm5_config_params *params)
-{
-     return osa_adb_destroy_db(params->admin_dbname,
-                              params->admin_lockfile,
-                              OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_open_policy(osa_adb_princ_t *dbp,
-                                 kadm5_config_params *rparams)
-{
-     return osa_adb_init_db(dbp, rparams->admin_dbname,
-                           rparams->admin_lockfile,
-                           OSA_ADB_POLICY_DB_MAGIC);
-}
-
-osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db)
-{
-     return osa_adb_fini_db(db, OSA_ADB_POLICY_DB_MAGIC);
-}
 
 /*
  * Function: osa_adb_create_policy
@@ -90,7 +53,7 @@ osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db)
  *     the policy db.
  * 
  */
-osa_adb_ret_t
+krb5_error_code
 osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
     DBT                        dbkey;
@@ -98,7 +61,7 @@ osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
     XDR                        xdrs;
     int                        ret;
 
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(entry->name == NULL) {
         ret = EINVAL;
@@ -165,13 +128,13 @@ error:
  *     policy db.
  * 
  */
-osa_adb_ret_t
-osa_adb_destroy_policy(osa_adb_policy_t db, kadm5_policy_t name)
+krb5_error_code
+osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
 {
     DBT            dbkey;
     int            status, ret;
 
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
     
     if(name == NULL) {
         ret = EINVAL;
@@ -211,15 +174,16 @@ error:
  *     db              (input) db handle
  *     name            (input) name of policy
  *     entry           (output) policy entry
+ *      cnt             (inout) Number of entries
  *     <return value>  0 on success, error code on failure.
  *
  * Requires:
  * Effects:
  * Modifies:
  */
-osa_adb_ret_t
-osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name,
-                  osa_policy_ent_t *entry)
+krb5_error_code
+osa_adb_get_policy(osa_adb_policy_t db, char *name,
+                  osa_policy_ent_t *entry, int *cnt)
 {
     DBT                        dbkey;
     DBT                        dbdata;
@@ -227,7 +191,9 @@ osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name,
     int                        ret;
     char               *aligned_data;
 
-    OPENLOCK(db, OSA_ADB_SHARED);
+    OPENLOCK(db, KRB5_DB_LOCKMODE_SHARED);
+
+    *cnt = 1;
 
     if(name == NULL) {
         ret = EINVAL;
@@ -239,7 +205,8 @@ osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name,
     dbdata.size = 0;
     switch((db->db->get(db->db, &dbkey, &dbdata, 0))) {
     case 1:
-        ret = OSA_ADB_NOENT;
+        ret = 0;
+        *cnt = 0;
         goto error;
     case 0:
        break;
@@ -289,7 +256,7 @@ error:
  *     [modifies]
  * 
  */
-osa_adb_ret_t
+krb5_error_code
 osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
     DBT                        dbkey;
@@ -298,7 +265,7 @@ osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
     XDR                        xdrs;
     int                        ret;
 
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE);
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
     
     if(entry->name == NULL) {
         ret = EINVAL;
@@ -356,7 +323,7 @@ error:
  * Effects:
  * Modifies:
  */
-osa_adb_ret_t
+krb5_error_code
 osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
                    void *data)
 {
@@ -367,7 +334,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
     osa_policy_ent_t       entry;
     char                   *aligned_data;
 
-    OPENLOCK(db, OSA_ADB_EXCLUSIVE); /* hmmm */
+    OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); /* hmmm */
 
     if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
         ret = errno;
@@ -408,3 +375,15 @@ error:
     CLOSELOCK(db);
     return ret;
 }
+
+void
+osa_free_policy_ent(osa_policy_ent_t val)
+{
+  XDR xdrs;
+
+  xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+
+  xdr_osa_policy_ent_rec(&xdrs, val);
+
+  free(val);
+}
diff --git a/src/lib/kdb/kdb_db2/configure.in b/src/lib/kdb/kdb_db2/configure.in
new file mode 100644 (file)
index 0000000..dc002d8
--- /dev/null
@@ -0,0 +1,22 @@
+AC_INIT(configure.in)
+CONFIG_RULES
+AC_CHECK_HEADERS(unistd.h)
+AC_TYPE_MODE_T
+AC_TYPE_OFF_T
+
+AC_CHECK_FUNCS(srand48 srand srandom umask)
+
+dnl AIX is unusual in that it wants all symbols resolved at link time
+dnl  Fortunately, it will allow us to link the kdb library now, even if
+dnl it is linked again later.
+case $krb5_cv_host in
+*-*-aix*)
+       LIBS="$LIBS -ldb"
+       ;;
+esac
+KRB5_RUN_FLAGS
+dnl The following is for check...
+KRB5_BUILD_PROGRAM
+KRB5_BUILD_LIBOBJS
+KRB5_BUILD_LIBRARY_WITH_DEPS
+V5_AC_OUTPUT_MAKEFILE
diff --git a/src/lib/kdb/kdb_db2/db2_exp.c b/src/lib/kdb/kdb_db2/db2_exp.c
new file mode 100644 (file)
index 0000000..f511487
--- /dev/null
@@ -0,0 +1,64 @@
+/**********************************************************************
+*
+*      C %name:                db2_exp.c %
+*      Instance:               idc_sec_2
+*      Description:    
+*      %created_by:    spradeep %
+*      %date_created:  Tue Apr  5 11:44:00 2005 %
+*
+**********************************************************************/
+#ifndef lint
+static char *_csrc = "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~5:csrc:idc_sec#2 %)";
+#endif
+
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "k5-int.h"
+#include <db.h>
+#include <stdio.h>
+#include <errno.h>
+#include <utime.h>
+#include "../kdb5.h"
+#include "kdb_db2.h"
+#include "kdb_xdr.h"
+#include "policy_db.h"
+
+/*
+ *      Exposed API
+ */
+
+kdb_vftabl krb5_db_vftabl_kdb_db2 = {
+  1,                                      /* major version number 1 */
+  0,                                      /* minor version number 0 */
+  0,                                      /* TBD. Not sure whether thread safe. For now, its not */
+  /* init_library */                          krb5_db2_lib_init,
+  /* fini_library */                          krb5_db2_lib_cleanup,
+  /* init_module */                           krb5_db2_open,
+  /* fini_module */                           krb5_db2_db_fini,
+  /* db_create */                             krb5_db2_create,
+  /* db_destroy */                            krb5_db2_destroy,
+  /* db_get_age */                             krb5_db2_db_get_age,
+  /* db_set_option */                         krb5_db2_db_set_option,
+  /* db_lock */                                       krb5_db2_db_lock,
+  /* db_unlock */                             krb5_db2_db_unlock,
+  /* db_get_principal */                      krb5_db2_db_get_principal,
+  /* db_free_principal */                     krb5_db2_db_free_principal,
+  /* db_put_principal */                      krb5_db2_db_put_principal,
+  /* db_delete_principal */                   krb5_db2_db_delete_principal,
+  /* db_iterate */                            krb5_db2_db_iterate,
+  /* db_create_policy */                       krb5_db2_create_policy,
+  /* db_get_policy */                          krb5_db2_get_policy,
+  /* db_put_policy */                          krb5_db2_put_policy,
+  /* db_iter_policy */                         krb5_db2_iter_policy,
+  /* db_delete_policy */                       krb5_db2_delete_policy,
+  /* db_free_policy */                         krb5_db2_free_policy,
+  /* db_supported_realms */                   NULL,
+  /* db_free_supported_realms */              NULL,
+  /* errcode_2_string */                       NULL,
+  /* db_alloc */                               krb5_db2_alloc,
+  /* db_free */                                krb5_db2_free,
+  /* set_master_key */                        krb5_db2_set_master_key_ext,
+  /* get_master_key */                        krb5_db2_db_get_mkey
+};
similarity index 68%
rename from src/lib/kdb/kdb_db2.c
rename to src/lib/kdb/kdb_db2/kdb_db2.c
index bcd08a2fb9b8ae603499187d4344320255909958..2ac462e897b7147e99bb8c83686873907f1677c3 100644 (file)
 #include <stdio.h>
 #include <errno.h>
 #include <utime.h>
+#include "../kdb5.h"
+#include "kdb_db2.h"
+#include "kdb_xdr.h"
+#include "policy_db.h"
+
+#define KDB_DB2_DATABASE_NAME "database_name"
 
 #define OLD_COMPAT_VERSION_1
 
 
 static char *gen_dbsuffix 
        (char *, char * );
-static krb5_error_code krb5_db2_db_start_update 
+
+static krb5_error_code krb5_db2_db_start_update
        (krb5_context);
-static krb5_error_code krb5_db2_db_end_update 
+static krb5_error_code krb5_db2_db_end_update
        (krb5_context);
+
+krb5_error_code
+krb5_db2_db_set_name(krb5_context,char*);
+
+krb5_error_code krb5_db2_db_lock
+( krb5_context, int );
+
 static krb5_error_code krb5_db2_db_set_hashfirst
        (krb5_context, int);
 
 static char default_db_name[] = DEFAULT_KDB_FILE;
+krb5_set_err_func_t krb5_db2_dal_err_funcp = NULL;
 
 /*
  * Locking:
@@ -129,8 +144,39 @@ static char default_db_name[] = DEFAULT_KDB_FILE;
 /*
  * Routines to deal with context.
  */
-#define        k5db2_inited(c) (c && c->db_context &&  \
-                        ((krb5_db2_context *) c->db_context)->db_inited)
+#define        k5db2_inited(c) (c && c->db_context \
+                        && ((kdb5_dal_handle*)c->db_context)->db_context \
+                         && ((krb5_db2_context *) ((kdb5_dal_handle*)c->db_context)->db_context)->db_inited)
+
+
+static 
+krb5_error_code
+krb5_db2_get_db_opt( char *input, char **opt, char **val )
+{
+    char *pos = strchr(input, '=');
+    if( pos == NULL )
+    {
+       *opt = NULL;
+       *val = strdup(input);
+       if( *val == NULL )
+       {
+           return ENOMEM;
+       }
+    }
+    else
+    {
+       *opt = malloc( (pos - input) + 1 );
+       *val = strdup( pos + 1 );
+       if( !*opt  || !*val )
+       {
+           return ENOMEM;
+       }
+       memcpy( *opt, input, pos - input);
+       (*opt)[pos - input] = '\0';
+    }
+    return (0);
+
+}
 
 /*
  * Restore the default context.
@@ -155,25 +201,30 @@ k5db2_clear_context(dbctx)
     dbctx->db_nb_locks = FALSE;
 }
 
+
 static krb5_error_code
 k5db2_init_context(context)
     krb5_context context;
 {
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle  *dal_handle;
+
+    dal_handle = (kdb5_dal_handle*) context->db_context;
 
-    if (context->db_context == NULL) {
+    if ( dal_handle->db_context == NULL) {
        db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
        if (db_ctx == NULL)
            return ENOMEM;
        else {
            memset((char *) db_ctx, 0, sizeof(krb5_db2_context));
            k5db2_clear_context((krb5_db2_context *)db_ctx);
-           context->db_context = (void *) db_ctx;
+           dal_handle->db_context = (void *) db_ctx;
        }
     }
     return(0);
 }
 
+
 /*
  * Utility routine: generate name of database file.
  */
@@ -196,6 +247,7 @@ gen_dbsuffix(db_name, sfx)
     return dbsuffix;
 }
 
+
 static DB *
 k5db2_dbopen(dbc, fname, flags, mode)
     krb5_db2_context *dbc;
@@ -248,10 +300,12 @@ krb5_db2_db_set_hashfirst(context, hashfirst)
     int hashfirst;
 {
     krb5_db2_context *dbc;
+    kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
-    dbc = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    dbc = (krb5_db2_context *) dal_handle->db_context;
     dbc->hashfirst = hashfirst;
     return 0;
 }
@@ -267,6 +321,8 @@ krb5_db2_db_init(context)
     char *filename = NULL;
     krb5_db2_context *db_ctx;
     krb5_error_code retval;
+    kdb5_dal_handle  *dal_handle;
+    char policy_db_name[1024], policy_lock_name[1024];
 
     if (k5db2_inited(context))
        return 0;
@@ -275,7 +331,8 @@ krb5_db2_db_init(context)
     if ((retval = k5db2_init_context(context)))
        return(retval);
 
-    db_ctx = context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = dal_handle->db_context;
     db_ctx->db = NULL;
 
     if (!(filename = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT)))
@@ -297,6 +354,14 @@ krb5_db2_db_init(context)
     if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time))) 
        goto err_out;
 
+    sprintf( policy_db_name, "%s.kadm5", db_ctx->db_name );
+    sprintf( policy_lock_name, "%s.lock", policy_db_name );
+
+    if( (retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name,
+                                policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)) )
+    {
+       goto err_out;
+    }
     return 0;
     
 err_out:
@@ -305,6 +370,7 @@ err_out:
     return (retval);
 }
 
+
 /*
  * gracefully shut down database--must be called by ANY program that does
  * a krb5_db2_db_init 
@@ -315,8 +381,15 @@ krb5_db2_db_fini(context)
 {
     krb5_error_code retval = 0;
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    if( dal_handle == NULL )
+    {
+       return 0;
+    }
+
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if (k5db2_inited(context)) {
        if (close(db_ctx->db_lf_file))
@@ -325,13 +398,22 @@ krb5_db2_db_fini(context)
            retval = 0;
     }
     if (db_ctx) {
+       if( db_ctx->policy_db )
+       {
+           retval = osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC);
+           if( retval )
+               return retval;
+       }
+
        k5db2_clear_context(db_ctx);
-       free(context->db_context);
-       context->db_context = NULL;
+       /*      free(dal_handle->db_context); */
+       dal_handle->db_context = NULL;
     }
     return retval;
 }
 
+#if 0 // pradx
+
 krb5_error_code
 krb5_db2_db_open_database(context)
     krb5_context context;
@@ -350,6 +432,8 @@ krb5_db2_db_close_database(context)
     return 0;
 }
 
+#endif // 0 -pradx
+
 /*
  * Set/Get the master key associated with the database
  */
@@ -359,11 +443,13 @@ krb5_db2_db_set_mkey(context, key)
     krb5_keyblock *key;
 {
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
        return(KRB5_KDB_DBNOTINITED);
 
-    db_ctx = context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = dal_handle->db_context;
     db_ctx->db_master_key = key;
     return 0;
 }
@@ -374,11 +460,13 @@ krb5_db2_db_get_mkey(context, key)
     krb5_keyblock **key;
 {
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
        return(KRB5_KDB_DBNOTINITED);
 
-    db_ctx = context->db_context;
+    dal_handle = (kdb5_dal_handle*)context->db_context;
+    db_ctx = dal_handle->db_context;
     *key = db_ctx->db_master_key;
 
     return 0;
@@ -401,6 +489,7 @@ krb5_db2_db_set_name(context, name)
     DB *db;
     krb5_db2_context *db_ctx;
     krb5_error_code kret;
+    kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
        return KRB5_KDB_DBINITED;
@@ -412,7 +501,8 @@ krb5_db2_db_set_name(context, name)
     if (name == NULL)
        name = default_db_name;
 
-    db_ctx = context->db_context;
+    dal_handle = (kdb5_dal_handle*)context->db_context;
+    db_ctx =  dal_handle->db_context;
     db = k5db2_dbopen(db_ctx, name, O_RDONLY, 0);
     if (db == NULL)
        return errno;
@@ -435,11 +525,14 @@ krb5_db2_db_get_age(context, db_name, age)
     time_t *age;
 {
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
     struct stat st;
 
     if (!k5db2_inited(context))
        return(KRB5_KDB_DBNOTINITED);
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle *) context->db_context;
+    db_ctx     = (krb5_db2_context *) dal_handle->db_context;
+
     if (fstat (db_ctx->db_lf_file, &st) < 0)
        *age = -1;
     else
@@ -468,6 +561,7 @@ krb5_db2_db_end_update(context)
 {
     krb5_error_code retval;
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
     struct stat st;
     time_t now;
     struct utimbuf utbuf;
@@ -476,7 +570,8 @@ krb5_db2_db_end_update(context)
        return(KRB5_KDB_DBNOTINITED);
 
     retval = 0;
-    db_ctx = context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = dal_handle->db_context;
     now = time((time_t *) NULL);
     if (fstat(db_ctx->db_lf_file, &st) == 0) {
        if (st.st_mtime >= now) {
@@ -502,24 +597,43 @@ krb5_db2_db_end_update(context)
 }
 
 krb5_error_code
-krb5_db2_db_lock(context, mode)
+krb5_db2_db_lock(context, in_mode)
     krb5_context         context;
-    int                  mode;
+    int                  in_mode;
 {
     krb5_db2_context *db_ctx;
     int krb5_lock_mode;
     DB *db;
     krb5_error_code retval;
     time_t mod_time;
+    kdb5_dal_handle *dal_handle;
+    int mode = in_mode & ~KRB5_DB_LOCKMODE_PERMANENT; /* permanent is not available for principal db */
+
+    switch( in_mode )
+    {
+    case KRB5_DB_LOCKMODE_PERMANENT:
+       mode = KRB5_DB_LOCKMODE_EXCLUSIVE;
+       break;
+    case KRB5_DB_LOCKMODE_EXCLUSIVE:
+       mode = KRB5_LOCKMODE_EXCLUSIVE;
+       break;
+
+    case KRB5_DB_LOCKMODE_SHARED:
+       mode = KRB5_LOCKMODE_SHARED;
+       break;
+    default:
+       return EINVAL;
+    }
 
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if (db_ctx->db_locks_held && (db_ctx->db_lock_mode >= mode)) {
        /* No need to upgrade lock, just return */
        db_ctx->db_locks_held++;
-       return(0);
+       goto policy_lock;
     }
 
     if ((mode != KRB5_LOCKMODE_SHARED) && (mode != KRB5_LOCKMODE_EXCLUSIVE)) 
@@ -557,27 +671,42 @@ krb5_db2_db_lock(context, mode)
 
     db_ctx->db_lock_mode = mode;
     db_ctx->db_locks_held++;
-    return 0;
+
+ policy_lock:
+    if((retval=osa_adb_get_lock(db_ctx->policy_db, in_mode)))
+    {
+       krb5_db2_db_unlock(context);
+    }
+    return retval;
 
 lock_error:;
     db_ctx->db_lock_mode = 0;
     db_ctx->db_locks_held = 0;
-    (void) krb5_db2_db_unlock(context);
+    krb5_db2_db_unlock(context);
     return retval;
 }
 
+
 krb5_error_code
 krb5_db2_db_unlock(context)
     krb5_context context;
 {
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle  *dal_handle;
     DB *db;
     krb5_error_code retval;
 
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
+
+    if( (retval = osa_adb_release_lock(db_ctx->policy_db)) )
+    {
+       return retval;
+    }
+
     if (!db_ctx->db_locks_held)                /* lock already unlocked */
        return KRB5_KDB_NOTLOCKED;
     db = db_ctx->db;
@@ -603,15 +732,18 @@ krb5_db2_db_create(context, db_name, flags)
     krb5_int32 flags;
 {
     register krb5_error_code retval = 0;
+    kdb5_dal_handle *dal_handle;
     char *okname;
     int fd;
     krb5_db2_context *db_ctx;
     DB *db;
+    char policy_db_name[1024], policy_lock_name[1024];
 
     if ((retval = k5db2_init_context(context)))
        return(retval);
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
     switch (flags) {
     case KRB5_KDB_CREATE_HASH:
        if ((retval = krb5_db2_db_set_hashfirst(context, TRUE)))
@@ -643,6 +775,14 @@ krb5_db2_db_create(context, db_name, flags)
            free_dbsuffix(okname);
        }
     }
+
+    sprintf( policy_db_name, "%s.kadm5", db_name );
+    sprintf( policy_lock_name, "%s.lock", policy_db_name );
+
+    retval = osa_adb_create_db( policy_db_name,
+                               policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+    
+
     return retval;
 }
 
@@ -748,9 +888,10 @@ krb5_db2_db_destroy(context, dbname)
 {
     krb5_error_code retval1, retval2;
     krb5_boolean tmpcontext;
+    char policy_db_name[1024], policy_lock_name[1024];
 
     tmpcontext = 0;
-    if (!context->db_context) {
+    if ( !context->db_context || !((kdb5_dal_handle*)context->db_context)->db_context ) {
        tmpcontext = 1;
        if ((retval1 = k5db2_init_context(context)))
            return(retval1);
@@ -761,17 +902,25 @@ krb5_db2_db_destroy(context, dbname)
     retval2 = destroy_file_suffix(dbname, KDB2_LOCK_EXT);
 
     if (tmpcontext) {
-       k5db2_clear_context((krb5_db2_context *) context->db_context);
-       free(context->db_context);
-       context->db_context = NULL;
+       k5db2_clear_context((krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context );
+       free(((kdb5_dal_handle*)context->db_context)->db_context);
+       ((kdb5_dal_handle*)context->db_context)->db_context = NULL;
     }
 
     if (retval1 || retval2)
        return (retval1 ? retval1 : retval2);
-    else
-       return 0;
+
+    sprintf( policy_db_name, "%s.kadm5", dbname );
+    sprintf( policy_lock_name, "%s.lock", policy_db_name );
+
+    retval1 = osa_adb_destroy_db( policy_db_name,
+                               policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+    
+    return retval1;
 }
 
+#if 0 // -pradx
+
 /*
  * "Atomically" rename the database in a way that locks out read
  * access in the middle of the rename.
@@ -791,13 +940,15 @@ krb5_db2_db_rename(context, from, to)
     DB *db;
     char *fromok;
     krb5_error_code retval;
+    kdb5_dal_handle *dal_handle;
     krb5_db2_context *s_context, *db_ctx;
 
-    s_context = context->db_context;
-    context->db_context = NULL;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    s_context = dal_handle->db_context;
+    dal_handle->db_context = NULL;
     if ((retval = k5db2_init_context(context)))
        return retval;
-    db_ctx = (krb5_db2_context *) context->db_context;
+    db_ctx = (krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context;
 
     /*
      * Create the database if it does not already exist; the
@@ -860,21 +1011,23 @@ krb5_db2_db_rename(context, from, to)
 errfromok:
     free_dbsuffix(fromok);
 errout:
-    if (context->db_context) {
+    if ( ((kdb5_dal_handle*)context->db_context)->db_context ) {
        if (db_ctx->db_lf_file >= 0) {
            krb5_db2_db_unlock(context);
            close(db_ctx->db_lf_file);
        }
-       k5db2_clear_context((krb5_db2_context *) context->db_context);
-       free(context->db_context);
+       k5db2_clear_context((krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context);
+       free(((kdb5_dal_handle*)context->db_context)->db_context);
     }
 
-    context->db_context = s_context;
+    ((kdb5_dal_handle*)context->db_context)->db_context = s_context;
     (void) krb5_db2_db_unlock(context);        /* unlock saved context db */
 
     return retval;
 }
 
+#endif // 0 - pradx
+
 /*
  * look up a principal in the data base.
  * returns number of entries found, and whether there were
@@ -894,7 +1047,8 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
     DB *db;
     DBT key, contents;
     krb5_data keydata, contdata;
-    int trynum, dbret;
+    int try, dbret;
+    kdb5_dal_handle *dal_handle;
 
     *more = FALSE;
     *nentries = 0;
@@ -902,8 +1056,10 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
-    for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) {
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
+
+    for (try = 0; try < KRB5_DB2_MAX_RETRY; try++) {
        if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
            if (db_ctx->db_nb_locks) 
                return(retval);
@@ -912,7 +1068,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more)
        }
        break;
     }
-    if (trynum == KRB5_DB2_MAX_RETRY) 
+    if (try == KRB5_DB2_MAX_RETRY) 
        return KRB5_KDB_DB_INUSE;
 
     /* XXX deal with wildcard lookups */
@@ -950,7 +1106,7 @@ cleanup:
 /*
   Free stuff returned by krb5_db2_db_get_principal.
  */
-void
+krb5_error_code
 krb5_db2_db_free_principal(context, entries, nentries)
     krb5_context context;
     krb5_db_entry *entries;
@@ -959,7 +1115,7 @@ krb5_db2_db_free_principal(context, entries, nentries)
     register int i;
     for (i = 0; i < nentries; i++)
        krb5_dbe_free_contents(context, &entries[i]);
-    return;
+    return 0;
 }
 
 /*
@@ -973,10 +1129,11 @@ krb5_db2_db_free_principal(context, entries, nentries)
  */
 
 krb5_error_code
-krb5_db2_db_put_principal(context, entries, nentries)
+krb5_db2_db_put_principal(context, entries, nentries, db_args)
     krb5_context context;
     krb5_db_entry *entries;
     register int *nentries;            /* number of entry structs to update */
+    char **db_args;
 {
     int i, n, dbret;
     DB *db;
@@ -984,13 +1141,24 @@ krb5_db2_db_put_principal(context, entries, nentries)
     krb5_data contdata, keydata;
     krb5_error_code retval;
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
+
+    if( db_args )
+    {
+       /* DB2 does not support db_args DB arguments for principal */
+       char buf[KRB5_MAX_ERR_STR];
+       sprintf(buf, "Unsupported argument \"%s\" for db2", db_args[0]);
+       krb5_db2_dal_err_funcp( context, krb5_err_have_str, EINVAL, buf);
+       return EINVAL;
+    }
 
     n = *nentries;
     *nentries = 0;
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
        return retval;
 
@@ -1048,11 +1216,13 @@ krb5_db2_db_delete_principal(context, searchfor, nentries)
     DBT key, contents;
     krb5_data keydata, contdata;
     int i, dbret;
+    kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
        return(retval);
 
@@ -1131,6 +1301,7 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive)
     krb5_data contdata;
     krb5_db_entry entries;
     krb5_error_code retval;
+    kdb5_dal_handle *dal_handle;
     int dbret;
     void *cookie;
 
@@ -1138,7 +1309,8 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive)
     if (!k5db2_inited(context))
        return KRB5_KDB_DBNOTINITED;
 
-    db_ctx = (krb5_db2_context *) context->db_context;
+    dal_handle = (kdb5_dal_handle*) context->db_context;
+    db_ctx = (krb5_db2_context *) dal_handle->db_context;
     retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED);
 
     if (retval)
@@ -1198,14 +1370,15 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive)
 }
 
 krb5_error_code
-krb5_db2_db_iterate(context, func, func_arg)
-    krb5_context context;
-    krb5_error_code (*func) (krb5_pointer, krb5_db_entry *);
-    krb5_pointer func_arg;
+krb5_db2_db_iterate( krb5_context context,
+                    char        *match_expr,
+                    krb5_error_code (*func) (krb5_pointer, krb5_db_entry *),
+                    krb5_pointer func_arg )
 {
     return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0);
 }
 
+
 krb5_boolean
 krb5_db2_db_set_lockmode(context, mode)
     krb5_context context;
@@ -1213,15 +1386,18 @@ krb5_db2_db_set_lockmode(context, mode)
 {
     krb5_boolean old;
     krb5_db2_context *db_ctx;
+    kdb5_dal_handle *dal_handle;
 
+    dal_handle = (kdb5_dal_handle*) context->db_context;
     old = mode;
-    if ((db_ctx = (krb5_db2_context *) context->db_context)) {
+    if ( dal_handle && (db_ctx = (krb5_db2_context *) dal_handle->db_context)) {
        old = db_ctx->db_nb_locks;
        db_ctx->db_nb_locks = mode;
     }
     return old;
 }
 
+#if 0 // -pradx
 /*
  * Context serialization operations.
  *
@@ -1384,7 +1560,7 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain)
                    dbctx = (krb5_db2_context *) tmpctx->db_context;
                    (void) krb5_db2_db_set_lockmode(tmpctx, 0);
                    if (lockmode)
-                       kret = krb5_db_lock(tmpctx, lockmode);
+                       kret = krb5_db2_db_lock(tmpctx, lockmode);
                    if (!kret && lockmode)
                        dbctx->db_locks_held = lockcount;
                    nb_lock = nb_lockmode & 0xff;
@@ -1432,3 +1608,393 @@ krb5_ser_db_context_init(kcontext)
 {
     return(krb5_register_serializer(kcontext, &kdb5_context_ser_entry));
 }
+
+#endif // 0 - pradx
+
+/*
+ *     DAL API functions
+ */
+krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t set_err)
+{
+    krb5_db2_dal_err_funcp = set_err;
+    return 0;
+}
+
+krb5_error_code krb5_db2_lib_cleanup()
+{
+    /* right now, no cleanup required */
+    return 0;
+}
+
+krb5_error_code krb5_db2_open( krb5_context kcontext,
+                              char *conf_section,
+                              char **db_args,
+                              int mode )
+{
+    krb5_error_code status  = 0;
+    char **t_ptr = db_args;
+    char db_name_set  = 0;
+
+    if (k5db2_inited(kcontext))
+       return 0;
+
+
+    while ( t_ptr && *t_ptr )
+    {
+       char *opt = NULL, *val = NULL;
+
+       krb5_db2_get_db_opt( *t_ptr, &opt, &val );
+       if( opt && !strcmp( opt, "dbname" ) )
+       {
+           status = krb5_db2_db_set_name( kcontext, val );
+           if( status )
+           {
+               free(opt);
+               free(val);
+               goto clean_n_exit;
+           }
+           db_name_set = 1;
+       } 
+       /* ignore hash argument. Might have been passed from create */
+       else if( !opt || strcmp( opt, "hash") )
+       {
+           char buf[KRB5_MAX_ERR_STR];
+           sprintf(buf, "Unsupported argument \"%s\" for db2", opt?opt:val);
+           krb5_db2_dal_err_funcp( kcontext, krb5_err_have_str, EINVAL, buf);
+           free(opt);
+           free(val);
+           return EINVAL;
+       }
+
+       free(opt);
+       free(val);
+       t_ptr++;
+    }
+
+    if( !db_name_set )
+    {
+       char *value = NULL;
+       status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION,
+                                    conf_section, KDB_DB2_DATABASE_NAME,    /* under given conf section */
+                                    NULL, &value );
+
+
+       if( value == NULL )
+       {
+           /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+           status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,    /* under given realm */
+                                        default_db_name, &value );
+           if( status )
+           {
+               goto clean_n_exit;
+           }
+       }
+
+       status = krb5_db2_db_set_name( kcontext, value );
+       profile_release_string( value );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+       
+    }
+
+    status = krb5_db2_db_init( kcontext );
+
+ clean_n_exit:
+    return status;
+}
+
+
+krb5_error_code krb5_db2_create( krb5_context kcontext,
+                                char *conf_section,
+                                char **db_args )
+{
+    krb5_error_code status  = 0;
+    char **t_ptr = db_args;
+    char db_name_set  = 0;
+    krb5_int32 flags = KRB5_KDB_CREATE_BTREE;
+    char *db_name = NULL;
+
+    if (k5db2_inited(kcontext))
+       return 0;
+
+
+    while ( t_ptr && *t_ptr )
+    {
+       char *opt = NULL, *val = NULL;
+
+       krb5_db2_get_db_opt( *t_ptr, &opt, &val );
+       if( opt && !strcmp( opt, "dbname" ) )
+       {
+           db_name = strdup(val);
+           status = krb5_db2_db_set_name( kcontext, val );
+           if( !status )
+           {
+               status = EEXIST;
+               free(opt);
+               free(val);
+               goto clean_n_exit;
+           }
+           db_name_set = 1;
+       } 
+       /* ignore hash argument. Might have been passed from create */
+       else if( opt && !strcmp( opt, "hash") )
+       {
+           flags=KRB5_KDB_CREATE_HASH;
+       }
+       else
+       {
+           char buf[KRB5_MAX_ERR_STR];
+           sprintf(buf, "Unsupported argument \"%s\" for db2", opt?opt:val);
+           krb5_db2_dal_err_funcp( kcontext, krb5_err_have_str, EINVAL, buf);
+           free(opt);
+           free(val);
+           return EINVAL;
+       }
+
+       free(opt);
+       free(val);
+       t_ptr++;
+    }
+
+    if( !db_name_set )
+    {
+       char *value = NULL;
+       status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION,
+                                    conf_section, KDB_DB2_DATABASE_NAME,    /* under given conf section */
+                                    NULL, &value );
+
+
+       if( value == NULL )
+       {
+           /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+           status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,    /* under given realm */
+                                        default_db_name, &value );
+           if( status )
+           {
+               goto clean_n_exit;
+           }
+       }
+
+       db_name = strdup( value );
+       status = krb5_db2_db_set_name( kcontext, value );
+       profile_release_string( value );
+       if( !status )
+       {
+           status = EEXIST;
+           goto clean_n_exit;
+       }
+       
+    }
+
+    status = krb5_db2_db_create( kcontext, db_name, flags );
+    if( status )
+       goto clean_n_exit;
+    /* db2 has a problem of needing to close and open the database again. This removes that need */
+    status = krb5_db2_db_fini(kcontext);
+    if( status )
+       goto clean_n_exit;
+
+    status = krb5_db2_open( kcontext, conf_section, db_args, KRB5_KDB_OPEN_RW );
+
+ clean_n_exit:
+    if( db_name )
+       free( db_name );
+    return status;
+}
+
+krb5_error_code krb5_db2_destroy( krb5_context kcontext,
+                                 char *conf_section,
+                                 char **db_args )
+{
+    krb5_error_code status  = 0;
+    char **t_ptr = db_args;
+    char db_name_set  = 0;
+    char *db_name = NULL;
+
+    while ( t_ptr && *t_ptr )
+    {
+       char *opt = NULL, *val = NULL;
+
+       krb5_db2_get_db_opt( *t_ptr, &opt, &val );
+       if( opt && !strcmp( opt, "dbname" ) )
+       {
+           db_name = strdup(val);
+           status = krb5_db2_db_set_name( kcontext, val );
+           if( status )
+           {
+               free(opt);
+               free(val);
+               goto clean_n_exit;
+           }
+           db_name_set = 1;
+       } 
+       /* ignore hash argument. Might have been passed from create */
+       else if( !opt || strcmp( opt, "hash") )
+       {
+           free(opt);
+           free(val);
+           return EINVAL;
+       }
+
+       free(opt);
+       free(val);
+       t_ptr++;
+    }
+
+    if( !db_name_set )
+    {
+       char *value = NULL;
+       status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION,
+                                    conf_section, KDB_DB2_DATABASE_NAME,    /* under given conf section */
+                                    NULL, &value );
+
+
+       if( value == NULL )
+       {
+           /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+           status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,    /* under given realm */
+                                        default_db_name, &value );
+           if( status )
+           {
+               goto clean_n_exit;
+           }
+       }
+
+       db_name = strdup(value);
+       status = krb5_db2_db_set_name( kcontext, value );
+       profile_release_string( value );
+       if( status )
+       {
+           goto clean_n_exit;
+       }
+       
+    }
+
+    status = krb5_db2_db_destroy( kcontext, db_name );
+
+ clean_n_exit:
+    if( db_name )
+       free(db_name);
+    return status;
+}
+
+krb5_error_code krb5_db2_set_master_key_ext ( krb5_context kcontext, 
+                                             char *pwd, 
+                                             krb5_keyblock *key)
+{
+  return krb5_db2_db_set_mkey( kcontext, key );
+}
+
+krb5_error_code krb5_db2_db_set_option ( krb5_context kcontext, int option, void *value )
+{
+  krb5_error_code status = 0;
+  krb5_boolean oldval;
+
+  switch(option)
+    {
+    case KRB5_KDB_OPT_SET_DB_NAME:
+      status = krb5_db2_db_set_name( kcontext, (char *)value);
+      break;
+
+    case KRB5_KDB_OPT_SET_LOCK_MODE:
+       oldval = krb5_db2_db_set_lockmode( kcontext, *((krb5_boolean*)value) );
+           *((krb5_boolean*)value) = oldval; 
+       break;
+
+    default:
+      status = -1;             /* TBD */
+      break;
+    }
+
+  return status;
+}
+
+void * krb5_db2_alloc( krb5_context kcontext,  void *ptr, size_t size )
+{
+    return realloc(ptr, size);
+}
+
+void krb5_db2_free( krb5_context kcontext, void *ptr )
+{
+    free(ptr);
+}
+
+
+/* policy functions */
+krb5_error_code krb5_db2_create_policy( krb5_context kcontext,
+                                       osa_policy_ent_t policy )
+{
+    kdb5_dal_handle *dal_handle;
+    krb5_db2_context *dbc;
+
+    dal_handle = (kdb5_dal_handle*) kcontext->db_context;
+    dbc        = (krb5_db2_context*) dal_handle->db_context;
+
+    return osa_adb_create_policy( dbc->policy_db, policy );
+}
+
+krb5_error_code krb5_db2_get_policy ( krb5_context kcontext,
+                                     char *name,
+                                     osa_policy_ent_t *policy,
+                                     int *cnt)
+{
+    kdb5_dal_handle *dal_handle;
+    krb5_db2_context *dbc;
+
+    dal_handle = (kdb5_dal_handle*) kcontext->db_context;
+    dbc        = (krb5_db2_context*) dal_handle->db_context;
+
+    return osa_adb_get_policy( dbc->policy_db, name, policy, cnt );
+}
+
+krb5_error_code krb5_db2_put_policy ( krb5_context kcontext,
+                                     osa_policy_ent_t policy )
+{
+    kdb5_dal_handle *dal_handle;
+    krb5_db2_context *dbc;
+
+    dal_handle = (kdb5_dal_handle*) kcontext->db_context;
+    dbc        = (krb5_db2_context*) dal_handle->db_context;
+
+    return osa_adb_put_policy( dbc->policy_db, policy );
+}
+
+krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext,
+                                      char *match_entry,
+                                      osa_adb_iter_policy_func func,
+                                      void *data )
+{
+    kdb5_dal_handle *dal_handle;
+    krb5_db2_context *dbc;
+
+    dal_handle = (kdb5_dal_handle*) kcontext->db_context;
+    dbc        = (krb5_db2_context*) dal_handle->db_context;
+
+    return osa_adb_iter_policy( dbc->policy_db, func, data );
+}
+
+
+krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext,
+                                        char *policy )
+{
+    kdb5_dal_handle *dal_handle;
+    krb5_db2_context *dbc;
+
+    dal_handle = (kdb5_dal_handle*) kcontext->db_context;
+    dbc        = (krb5_db2_context*) dal_handle->db_context;
+
+    return osa_adb_destroy_policy( dbc->policy_db, policy );
+}
+
+
+void krb5_db2_free_policy( krb5_context kcontext,
+                          osa_policy_ent_t entry )
+{
+    osa_free_policy_ent(entry);
+}
+
similarity index 58%
rename from src/lib/kdb/kdb_db2.h
rename to src/lib/kdb/kdb_db2/kdb_db2.h
index 80f9495964208a091ab21b4ac138dc1c835e0f32..ba03ea36f3247c4bdd976f4125c0709e6d401795 100644 (file)
  * KDC Database backend definitions for Berkely DB.
  */
 #ifndef KRB5_KDB_DB2_H
+#define KRB5_KDB_DB2_H
 
-/* renaming kludge */
-#define krb5_db2_db_set_name           krb5_db_set_name
-#define krb5_db2_db_set_nonblocking    krb5_db_set_nonblocking
-#define krb5_db2_db_init               krb5_db_init
-#define krb5_db2_db_fini               krb5_db_fini
-#define krb5_db2_db_get_age            krb5_db_get_age
-#define krb5_db2_db_create             krb5_db_create
-#define krb5_db2_db_destroy            krb5_db_destroy
-#define krb5_db2_db_rename             krb5_db_rename
-#define krb5_db2_db_get_principal      krb5_db_get_principal
-#define krb5_db2_db_free_principal     krb5_db_free_principal
-#define krb5_db2_db_put_principal      krb5_db_put_principal
-#define krb5_db2_db_delete_principal   krb5_db_delete_principal
-#define krb5_db2_db_iterate_ext                krb5_db_iterate_ext
-#define krb5_db2_db_iterate            krb5_db_iterate
-#define krb5_db2_db_lock               krb5_db_lock
-#define krb5_db2_db_unlock             krb5_db_unlock
-#define krb5_db2_db_set_lockmode       krb5_db_set_lockmode
-#define krb5_db2_db_close_database     krb5_db_close_database
-#define krb5_db2_db_open_database      krb5_db_open_database
-#define krb5_db2_db_set_mkey           krb5_db_set_mkey
-#define krb5_db2_db_get_mkey           krb5_db_get_mkey
+#include "policy_db.h"
 
 typedef struct _krb5_db2_context {
     krb5_boolean        db_inited;      /* Context initialized          */
@@ -63,6 +43,7 @@ typedef struct _krb5_db2_context {
     int                 db_lock_mode;   /* Last lock mode, e.g. greatest*/
     krb5_boolean        db_nb_locks;    /* [Non]Blocking lock modes     */
     krb5_keyblock      *db_master_key;  /* Master key of database       */
+    osa_adb_policy_t    policy_db;
 } krb5_db2_context;
 
 #define KRB5_DB2_MAX_RETRY 5
@@ -97,21 +78,23 @@ krb5_error_code krb5_db2_db_get_principal
                   krb5_db_entry *,
                   int *,
                   krb5_boolean * );
-void krb5_db2_db_free_principal 
+krb5_error_code krb5_db2_db_free_principal 
        (krb5_context,
                   krb5_db_entry *,
                   int );
 krb5_error_code krb5_db2_db_put_principal 
        (krb5_context,
-                  krb5_db_entry *,
-                  int * );
+        krb5_db_entry *,
+        int *,
+        char **db_args
+        );
 krb5_error_code krb5_db2_db_iterate_ext
        (krb5_context,
                   krb5_error_code (*) (krb5_pointer,
                                                  krb5_db_entry *),
                   krb5_pointer, int, int );
 krb5_error_code krb5_db2_db_iterate
-       (krb5_context,
+(krb5_context,char *,
                   krb5_error_code (*) (krb5_pointer,
                                                  krb5_db_entry *),
                   krb5_pointer );
@@ -127,4 +110,107 @@ krb5_error_code krb5_db2_db_open_database
 krb5_error_code krb5_db2_db_close_database 
        (krb5_context);
 
+krb5_error_code 
+krb5_db2_set_master_key_ext ( krb5_context kcontext, 
+                             char *pwd, 
+                             krb5_keyblock *key);
+
+krb5_error_code
+krb5_db2_db_set_mkey( krb5_context context,
+                     krb5_keyblock *key);
+
+krb5_error_code
+krb5_db2_db_get_mkey( krb5_context context,
+                     krb5_keyblock **key);
+
+krb5_error_code
+krb5_db2_db_put_principal( krb5_context context,
+                          krb5_db_entry *entries,
+                          register int *nentries,
+                          char **db_args);
+
+krb5_error_code
+krb5_db2_db_delete_principal(krb5_context context,
+                            krb5_const_principal searchfor,
+                            int *nentries);
+
+krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t);
+
+krb5_error_code krb5_db2_lib_cleanup(void);
+
+krb5_error_code 
+krb5_db2_db_unlock(krb5_context);
+
+krb5_error_code 
+krb5_db2_db_set_option ( krb5_context kcontext, 
+                        int option, 
+                        void *value );
+
+krb5_error_code
+krb5_db2_db_lock( krb5_context           context,
+                 int             in_mode);
+
+
+krb5_error_code 
+krb5_db2_open( krb5_context kcontext,
+                              char *conf_section,
+                              char **db_args,
+                              int mode );
+
+krb5_error_code krb5_db2_create( krb5_context kcontext,
+                                char *conf_section,
+                                char **db_args );
+
+krb5_error_code krb5_db2_destroy( krb5_context kcontext,
+                                 char *conf_section,
+                                 char **db_args );
+
+const char * krb5_db2_err2str( krb5_context kcontext,
+                              long err_code );
+
+void * 
+krb5_db2_alloc( krb5_context kcontext,  
+               void *ptr, 
+               size_t size );
+
+void 
+krb5_db2_free( krb5_context kcontext, 
+                   void *ptr );
+
+
+
+
+
+/* policy management functions */
+krb5_error_code
+krb5_db2_create_policy(krb5_context context, osa_policy_ent_t entry);
+
+krb5_error_code krb5_db2_get_policy ( krb5_context kcontext,
+                                     char *name,
+                                     osa_policy_ent_t *policy,
+                                     int *cnt);
+
+krb5_error_code krb5_db2_get_policy ( krb5_context kcontext,
+                                     char *name,
+                                     osa_policy_ent_t *policy,
+                                     int *cnt);
+
+krb5_error_code krb5_db2_put_policy ( krb5_context kcontext,
+                                     osa_policy_ent_t policy );
+
+krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext,
+                                      char *match_entry,
+                                      osa_adb_iter_policy_func func,
+                                      void *data );
+
+krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext,
+                                        char *policy );
+
+void krb5_db2_free_policy( krb5_context kcontext,
+                          osa_policy_ent_t entry );
+
+
+
+extern krb5_set_err_func_t krb5_db2_dal_err_funcp;
+
 #endif /* KRB5_KDB_DB2_H */
similarity index 99%
rename from src/lib/kdb/kdb_xdr.c
rename to src/lib/kdb/kdb_db2/kdb_xdr.c
index fb0a41ea4afc7f63f2965e5caed080fa1d977f1d..a5332ea6db7978640a3422b3f67fcd22967164e8 100644 (file)
@@ -29,6 +29,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <errno.h>
+#include "kdb_xdr.h"
 
 #define safe_realloc(p,n) ((p)?(realloc(p,n)):(malloc(n)))
 
@@ -768,6 +769,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
            if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
                                              dbentp->key_data[i].key_data_type[0],
                                              &similar)))
+
                return(ret);
        }
 
diff --git a/src/lib/kdb/kdb_db2/kdb_xdr.h b/src/lib/kdb/kdb_db2/kdb_xdr.h
new file mode 100644 (file)
index 0000000..2ee068f
--- /dev/null
@@ -0,0 +1,32 @@
+#ifndef _KDB2_XDR_H
+#define _KDB2_XDR_H
+
+krb5_error_code
+krb5_encode_princ_dbkey( krb5_context context,
+                        krb5_data  *key,
+                        krb5_const_principal principal);
+
+krb5_error_code
+krb5_decode_princ_contents( krb5_context         context,
+                           krb5_data           * content,
+                           krb5_db_entry       * entry);
+
+void
+krb5_dbe_free_contents( krb5_context     context,
+                       krb5_db_entry   * entry);
+
+krb5_error_code
+krb5_encode_princ_contents( krb5_context         context,
+                           krb5_data           * content,
+                           krb5_db_entry       * entry);
+
+
+void
+krb5_free_princ_dbkey( krb5_context context,
+                      krb5_data  *key);
+
+void
+krb5_free_princ_contents( krb5_context context,
+                         krb5_data *contents);
+
+#endif
diff --git a/src/lib/kdb/kdb_db2/libkdb_db2.exports b/src/lib/kdb/kdb_db2/libkdb_db2.exports
new file mode 100644 (file)
index 0000000..b6902eb
--- /dev/null
@@ -0,0 +1 @@
+krb5_db_vftabl_kdb_db2
diff --git a/src/lib/kdb/kdb_db2/pol_xdr.c b/src/lib/kdb/kdb_db2/pol_xdr.c
new file mode 100644 (file)
index 0000000..3776108
--- /dev/null
@@ -0,0 +1,88 @@
+#include <sys/types.h>
+#include <krb5.h>
+#include <gssrpc/rpc.h>
+#include <krb5/kdb.h>
+#include "policy_db.h"
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+
+bool_t xdr_nullstring(XDR *xdrs, char **objp)
+{
+     u_int size;
+                                                                                                                            
+     if (xdrs->x_op == XDR_ENCODE) {
+          if (*objp == NULL)
+               size = 0;
+          else
+               size = strlen(*objp) + 1;
+     }
+     if (! xdr_u_int(xdrs, &size)) {
+          return FALSE;
+        }
+     switch (xdrs->x_op) {
+     case XDR_DECODE:
+          if (size == 0) {
+               *objp = NULL;
+               return TRUE;
+          } else if (*objp == NULL) {
+               *objp = (char *) mem_alloc(size);
+               if (*objp == NULL) {
+                    errno = ENOMEM;
+                    return FALSE;
+               }
+          }
+          return (xdr_opaque(xdrs, *objp, size));
+                                                                                                                            
+     case XDR_ENCODE:
+          if (size != 0)
+               return (xdr_opaque(xdrs, *objp, size));
+          return TRUE;
+                                                                                                                            
+     case XDR_FREE:
+          if (*objp != NULL)
+               mem_free(*objp, size);
+          *objp = NULL;
+          return TRUE;
+     }
+                                                                                                                            
+     return FALSE;
+}
+                                                                                                                            
+
+
+bool_t
+xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp)
+{
+    switch (xdrs->x_op) {
+    case XDR_ENCODE:
+        objp->version = OSA_ADB_POLICY_VERSION_1;
+        /* fall through */
+    case XDR_FREE:
+        if (!xdr_int(xdrs, &objp->version))
+             return FALSE;
+        break;
+    case XDR_DECODE:
+        if (!xdr_int(xdrs, &objp->version))
+             return FALSE;
+        if (objp->version != OSA_ADB_POLICY_VERSION_1)
+             return FALSE;
+        break;
+    }
+    
+    if(!xdr_nullstring(xdrs, &objp->name))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_life))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_max_life))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_length))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_min_classes))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->pw_history_num))
+       return (FALSE);
+    if (!xdr_u_int32(xdrs, &objp->policy_refcnt))
+       return (FALSE);
+    return (TRUE);
+}
diff --git a/src/lib/kdb/kdb_db2/policy_db.h b/src/lib/kdb/kdb_db2/policy_db.h
new file mode 100644 (file)
index 0000000..772b24d
--- /dev/null
@@ -0,0 +1,87 @@
+/*
+ * Data Types for policy and principal information that
+ * exists in the respective databases.
+ *
+ * $Header$
+ *
+ * This file was originally created with rpcgen.
+ * It has been hacked up since then.
+ */
+
+#ifndef __ADB_H__
+#define __ADB_H__
+#include <sys/types.h>
+#include "k5-int.h"
+#include <krb5/kdb.h>
+#include <db.h>
+#include <gssrpc/types.h>
+#include <gssrpc/xdr.h>
+#include "adb_err.h"
+#include <com_err.h>
+
+typedef        long            osa_adb_ret_t;
+
+#define OSA_ADB_POLICY_DB_MAGIC        0x12345A00
+
+#define OSA_ADB_POLICY_VERSION_MASK    0x12345D00
+#define OSA_ADB_POLICY_VERSION_1       0x12345D01
+
+
+
+typedef struct _osa_adb_db_lock_ent_t {
+     FILE     *lockfile;
+     char     *filename;
+     int      refcnt, lockmode, lockcnt;
+     krb5_context context;
+} osa_adb_lock_ent, *osa_adb_lock_t;
+
+typedef struct _osa_adb_db_ent_t {
+     int        magic;
+     DB         *db;
+     HASHINFO   info;
+     BTREEINFO  btinfo;
+     char       *filename;
+     osa_adb_lock_t lock;
+     int        opencnt;
+} osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
+
+/*
+ * Return Code (the rest are in adb_err.h)
+ */
+#define OSA_ADB_OK             0
+
+/*
+ * Functions
+ */
+
+krb5_error_code        osa_adb_create_db(char *filename, char *lockfile, int magic);
+krb5_error_code        osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+krb5_error_code   osa_adb_rename_db(char *filefrom, char *lockfrom,
+                                 char *fileto, char *lockto, int magic);
+krb5_error_code        osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+                               char *lockfile, int magic);
+krb5_error_code        osa_adb_fini_db(osa_adb_db_t db, int magic);
+krb5_error_code        osa_adb_get_lock(osa_adb_db_t db, int mode);
+krb5_error_code        osa_adb_release_lock(osa_adb_db_t db);
+krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype);
+krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db);
+krb5_error_code        osa_adb_close_policy(osa_adb_policy_t db);
+krb5_error_code        osa_adb_create_policy(osa_adb_policy_t db,
+                                     osa_policy_ent_t entry);
+krb5_error_code        osa_adb_destroy_policy(osa_adb_policy_t db,
+                                      char * name);
+krb5_error_code        osa_adb_get_policy(osa_adb_policy_t db,
+                                  char * name,
+                                  osa_policy_ent_t *entry,
+                                  int *cnt);
+krb5_error_code        osa_adb_put_policy(osa_adb_policy_t db,
+                                  osa_policy_ent_t entry);
+krb5_error_code        osa_adb_iter_policy(osa_adb_policy_t db,
+                                   osa_adb_iter_policy_func func,
+                                   void * data);
+void           osa_free_policy_ent(osa_policy_ent_t val);
+
+bool_t  xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+
+#endif /* __ADB_H__ */
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
new file mode 100644 (file)
index 0000000..07d1cef
--- /dev/null
@@ -0,0 +1,329 @@
+/*
+ * lib/kdb/kdb_helper.c
+ *
+ * Copyright 1995 by the Massachusetts Institute of Technology. 
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ */
+
+#include "k5-int.h"
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+
+
+/*
+ * Given a particular enctype and optional salttype and kvno, find the
+ * most appropriate krb5_key_data entry of the database entry.
+ *
+ * If stype or kvno is negative, it is ignored.
+ * If kvno is 0 get the key which is maxkvno for the princ and matches
+ * the other attributes.
+ */
+krb5_error_code
+krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
+    krb5_context       kcontext;
+    krb5_db_entry      *dbentp;
+    krb5_int32         *start;
+    krb5_int32         ktype;
+    krb5_int32         stype;
+    krb5_int32         kvno;
+    krb5_key_data      **kdatap;
+{
+    int                        i, idx;
+    int                        maxkvno;
+    krb5_key_data      *datap;
+    krb5_error_code    ret;
+
+    ret = 0;
+    if (kvno == -1 && stype == -1 && ktype == -1)
+       kvno = 0;
+
+    if (kvno == 0) { 
+       /* Get the max key version */
+       for (i = 0; i < dbentp->n_key_data; i++) {
+           if (kvno < dbentp->key_data[i].key_data_kvno) { 
+               kvno = dbentp->key_data[i].key_data_kvno;
+           }
+       }
+    }
+
+    maxkvno = -1;
+    datap = (krb5_key_data *) NULL;
+    for (i = *start; i < dbentp->n_key_data; i++) {
+        krb5_boolean    similar;
+        krb5_int32      db_stype;
+
+       ret = 0;
+       if (dbentp->key_data[i].key_data_ver > 1) {
+           db_stype = dbentp->key_data[i].key_data_type[1];
+       } else {
+           db_stype = KRB5_KDB_SALTTYPE_NORMAL;
+       }
+
+       /*
+        * Filter out non-permitted enctypes.
+        */
+       if (!krb5_is_permitted_enctype(kcontext,
+                                      dbentp->key_data[i].key_data_type[0])) {
+           ret = KRB5_KDB_NO_PERMITTED_KEY;
+           continue;
+       }
+       
+
+       if (ktype > 0) {
+           if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
+                                             dbentp->key_data[i].key_data_type[0],
+                                             &similar)))
+
+               return(ret);
+       }
+
+       if (((ktype <= 0) || similar) &&
+           ((db_stype == stype) || (stype < 0))) {
+           if (kvno >= 0) {
+               if (kvno == dbentp->key_data[i].key_data_kvno) {
+                   datap = &dbentp->key_data[i];
+                   idx = i;
+                   maxkvno = kvno;
+                   break;
+               }
+           } else {
+               if (dbentp->key_data[i].key_data_kvno > maxkvno) {
+                   maxkvno = dbentp->key_data[i].key_data_kvno;
+                   datap = &dbentp->key_data[i];
+                   idx = i;
+               }
+           }
+       }
+    }
+    if (maxkvno < 0)
+       return ret ? ret : KRB5_KDB_NO_MATCHING_KEY;
+    *kdatap = datap;
+    *start = idx+1;
+    return 0;
+}
+    
+/*
+ *  kdb default functions. Ideally, some other file should have this functions. For now, TBD.
+ */
+#ifndef min
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#endif
+
+krb5_error_code
+krb5_def_store_mkey(context, keyfile, mname, key, master_pwd)
+    krb5_context context;
+    char *keyfile;
+    krb5_principal mname;
+    krb5_keyblock *key;
+    char *master_pwd;
+{
+    FILE *kf;
+    krb5_error_code retval = 0;
+    krb5_ui_2 enctype;
+    char defkeyfile[MAXPATHLEN+1];
+    krb5_data *realm = krb5_princ_realm(context, mname);
+#if HAVE_UMASK
+    mode_t oumask;
+#endif
+
+    if (!keyfile) {
+       (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
+       (void) strncat(defkeyfile, realm->data,
+                      min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
+                          realm->length));
+       defkeyfile[sizeof(defkeyfile) - 1] = '\0';
+       keyfile = defkeyfile;
+    }
+
+#if HAVE_UMASK
+    oumask = umask(077);
+#endif
+#ifdef ANSI_STDIO
+    if (!(kf = fopen(keyfile, "wb")))
+#else
+    if (!(kf = fopen(keyfile, "w")))
+#endif
+    {
+#if HAVE_UMASK
+       (void) umask(oumask);
+#endif
+       return errno;
+    }
+    enctype = key->enctype;
+    if ((fwrite((krb5_pointer) &enctype,
+               2, 1, kf) != 1) ||
+       (fwrite((krb5_pointer) &key->length,
+               sizeof(key->length), 1, kf) != 1) ||
+       (fwrite((krb5_pointer) key->contents,
+               sizeof(key->contents[0]), (unsigned) key->length, 
+               kf) != key->length)) {
+       retval = errno;
+       (void) fclose(kf);
+    }
+    if (fclose(kf) == EOF)
+       retval = errno;
+#if HAVE_UMASK
+    (void) umask(oumask);
+#endif
+    return retval;
+}
+
+
+krb5_error_code
+krb5_db_def_fetch_mkey( krb5_context   context,
+                       krb5_principal mname,
+                       krb5_keyblock *key,
+                       int           *kvno,
+                       char          *db_args)
+{
+    krb5_error_code retval;
+    krb5_ui_2 enctype;
+    char defkeyfile[MAXPATHLEN+1];
+    krb5_data *realm = krb5_princ_realm(context, mname);
+    FILE *kf = NULL;
+
+    retval = 0;
+    key->magic = KV5M_KEYBLOCK;
+    (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
+    (void) strncat(defkeyfile, realm->data,
+                  min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
+                      realm->length));
+    defkeyfile[sizeof(defkeyfile) - 1] = '\0';
+       
+#ifdef ANSI_STDIO
+    if (!(kf = fopen((db_args) ? db_args : defkeyfile, "rb")))
+#else
+    if (!(kf = fopen((db_args) ? db_args : defkeyfile, "r")))
+#endif
+       return KRB5_KDB_CANTREAD_STORED;
+
+    if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) {
+       retval = KRB5_KDB_CANTREAD_STORED;
+       goto errout;
+    }
+
+    if (key->enctype == ENCTYPE_UNKNOWN)
+       key->enctype = enctype;
+    else if (enctype != key->enctype) {
+       retval = KRB5_KDB_BADSTORED_MKEY;
+       goto errout;
+    }
+
+    if (fread((krb5_pointer) &key->length,
+             sizeof(key->length), 1, kf) != 1) {
+       retval = KRB5_KDB_CANTREAD_STORED;
+       goto errout;
+    }
+
+    if (!key->length || ((int) key->length) < 0) {
+       retval = KRB5_KDB_BADSTORED_MKEY;
+       goto errout;
+    }
+       
+    if (!(key->contents = (krb5_octet *)malloc(key->length))) {
+       retval = ENOMEM;
+       goto errout;
+    }
+
+    if (fread((krb5_pointer) key->contents,
+             sizeof(key->contents[0]), key->length, kf) 
+       != key->length) {
+       retval = KRB5_KDB_CANTREAD_STORED;
+       memset(key->contents, 0,  key->length);
+       free(key->contents);
+       key->contents = 0;
+    } else
+       retval = 0;
+
+    *kvno = 0;
+
+ errout:
+    (void) fclose(kf);
+    return retval;
+
+}
+
+
+krb5_error_code
+krb5_def_verify_master_key(context, mprinc, mkey)
+    krb5_context context;
+    krb5_principal mprinc;
+    krb5_keyblock *mkey;
+{
+    krb5_error_code retval;
+    krb5_db_entry master_entry;
+    int nprinc;
+    krb5_boolean more;
+    krb5_keyblock tempkey;
+
+    nprinc = 1;
+    if ((retval = krb5_db_get_principal(context, mprinc,
+                                       &master_entry, &nprinc, &more)))
+       return(retval);
+       
+    if (nprinc != 1) {
+       if (nprinc)
+           krb5_db_free_principal(context, &master_entry, nprinc);
+       return(KRB5_KDB_NOMASTERKEY);
+    } else if (more) {
+       krb5_db_free_principal(context, &master_entry, nprinc);
+       return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
+    }  
+
+    if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, 
+                                             &master_entry.key_data[0],
+                                             &tempkey, NULL))) {
+       krb5_db_free_principal(context, &master_entry, nprinc);
+       return retval;
+    }
+
+    if (mkey->length != tempkey.length ||
+       memcmp((char *)mkey->contents,
+              (char *)tempkey.contents,mkey->length)) {
+       retval = KRB5_KDB_BADMASTERKEY;
+    }
+
+    memset((char *)tempkey.contents, 0, tempkey.length);
+    krb5_xfree(tempkey.contents);
+    krb5_db_free_principal(context, &master_entry, nprinc);
+    
+    return retval;
+}
+
+
+krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
+                                  char *pwd,
+                                  krb5_keyblock *key )
+{
+    printf("default set master key\n");
+    return 0;
+}
+
+krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
+                                  krb5_keyblock **key )
+{
+    printf("default get master key\n");
+    return 0;
+}
+
index 679ecad65e85d234cb07986fb02ec2ee1b9bd802..227a42e086f46b8fb22b8259e8b466fadab0fbcf 100644 (file)
@@ -140,20 +140,19 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
 
     xrealm_tgt = is_xrealm_tgt(context, principal);
 
-    /* Open database */
-    /* krb5_db_init(context); */
-    if ((kerror = krb5_db_open_database(context)))
+    /* Check whether database is inited. Open is commented */
+    if ((kerror = krb5_db_inited(context)))
         return(kerror);
 
     /* get_principal */
     kerror = krb5_db_get_principal(context, principal, &
                                       db_entry, &n, &more);
     if (kerror) {
-        krb5_db_close_database(context);
+      /*        krb5_db_close_database(context); */
         return(kerror);
     }
     if (n != 1) {
-       krb5_db_close_database(context);
+      /* krb5_db_close_database(context); */
        return KRB5_KT_NOTFOUND;
     }
 
@@ -207,8 +206,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
 
     /* Close database */
   error:
-    krb5_dbe_free_contents(context, &db_entry);
-    krb5_db_close_database(context);
+    krb5_db_free_principal(context, &db_entry, 1);
+    /*    krb5_db_close_database(context); */
     return(kerror);
 }
 
index 47e1f0e7b43ef8c1c935eef4e3b29f723cc277f0..c9d53fb3d49ebc0d67fc736b345c8e4cc1e2b3b2 100644 (file)
@@ -97,6 +97,11 @@ kdb2_mpool_put
 kdb2_mpool_sync
 kdb2_nextkey
 kdb2_store
+krb5_db_open
+krb5_db_inited
+krb5_db_clr_error
+krb5_db_alloc
+krb5_db_free
 krb5_db_close_database
 krb5_db_create
 krb5_db_delete_principal
@@ -120,6 +125,7 @@ krb5_db_set_name
 krb5_db_setup_mkey_name
 krb5_db_store_mkey
 krb5_db_unlock
+krb5_db_store_master_key
 krb5_db_verify_master_key
 krb5_dbe_apw
 krb5_dbe_ark
@@ -150,3 +156,10 @@ krb5_ktkdb_set_context
 krb5_mkey_pwd_prompt1
 krb5_mkey_pwd_prompt2
 krb5_ser_db_context_init
+krb5_db_create_policy
+krb5_db_get_policy
+krb5_db_put_policy
+krb5_db_iter_policy
+krb5_db_delete_policy
+krb5_db_free_policy
+krb5_db_vftabl_kdb_db2
diff --git a/src/lib/kdb/setup_mkey.c b/src/lib/kdb/setup_mkey.c
deleted file mode 100644 (file)
index 61f1ef3..0000000
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * lib/kdb/setup_mkey.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_kdb_setup_mkey()
- */
-
-#include "k5-int.h"
-
-/*
- * Given a key name and a realm name, construct a principal which can be used
- * to fetch the master key from the database.
- * 
- * If the key name is NULL, the default key name will be used.
- */
-
-#define        REALM_SEP_STRING        "@"
-
-krb5_error_code
-krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal)
-    krb5_context context;
-    const char *keyname;
-    const char *realm;
-    char **fullname;
-    krb5_principal *principal;
-{
-    krb5_error_code retval;
-    size_t keylen;
-    size_t rlen = strlen(realm);
-    char *fname;
-    
-    if (!keyname)
-       keyname = KRB5_KDB_M_NAME;      /* XXX external? */
-
-    keylen = strlen(keyname);
-        
-    fname = malloc(keylen+rlen+strlen(REALM_SEP_STRING)+1);
-    if (!fname)
-       return ENOMEM;
-
-    strcpy(fname, keyname);
-    strcat(fname, REALM_SEP_STRING);
-    strcat(fname, realm);
-
-    if ((retval = krb5_parse_name(context, fname, principal)))
-       return retval;
-    if (fullname)
-       *fullname = fname;
-    else
-       free(fname);
-    return 0;
-}
diff --git a/src/lib/kdb/store_mkey.c b/src/lib/kdb/store_mkey.c
deleted file mode 100644 (file)
index 587850e..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * lib/kdb/store_mkey.c
- *
- * Copyright 1990 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- *
- * krb5_db_store_mkey():
- * Store a database master key in a file.
- */
-
-
-#include <errno.h>
-#include "k5-int.h"
-
-/* Just in case sysincl.h didn't get it */
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
-#endif
-
-/*
- * Put the KDC database master key into a file.  If keyfile is NULL,
- * then a default name derived from the principal name mname is used.
- */
-
-#ifndef min
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#endif
-
-krb5_error_code
-krb5_db_store_mkey(context, keyfile, mname, key)
-    krb5_context context;
-    char *keyfile;
-    krb5_principal mname;
-    krb5_keyblock *key;
-{
-    FILE *kf;
-    krb5_error_code retval = 0;
-    krb5_ui_2 enctype;
-    char defkeyfile[MAXPATHLEN+1];
-    krb5_data *realm = krb5_princ_realm(context, mname);
-#if HAVE_UMASK
-    mode_t oumask;
-#endif
-
-    if (!keyfile) {
-       (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB);
-       (void) strncat(defkeyfile, realm->data,
-                      min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1,
-                          realm->length));
-       defkeyfile[sizeof(defkeyfile) - 1] = '\0';
-       keyfile = defkeyfile;
-    }
-
-#if HAVE_UMASK
-    oumask = umask(077);
-#endif
-#ifdef ANSI_STDIO
-    if (!(kf = fopen(keyfile, "wb")))
-#else
-    if (!(kf = fopen(keyfile, "w")))
-#endif
-    {
-#if HAVE_UMASK
-       (void) umask(oumask);
-#endif
-       return errno;
-    }
-    enctype = key->enctype;
-    if ((fwrite((krb5_pointer) &enctype,
-               2, 1, kf) != 1) ||
-       (fwrite((krb5_pointer) &key->length,
-               sizeof(key->length), 1, kf) != 1) ||
-       (fwrite((krb5_pointer) key->contents,
-               sizeof(key->contents[0]), (unsigned) key->length, 
-               kf) != key->length)) {
-       retval = errno;
-       (void) fclose(kf);
-    }
-    if (fclose(kf) == EOF)
-       retval = errno;
-#if HAVE_UMASK
-    (void) umask(oumask);
-#endif
-    return retval;
-}
diff --git a/src/lib/kdb/t_kdb.c b/src/lib/kdb/t_kdb.c
deleted file mode 100644 (file)
index 769d3e6..0000000
+++ /dev/null
@@ -1,1091 +0,0 @@
-/*
- * lib/kdb/t_kdb.c
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * t_kdb.c     - Test [and optionally obtain timing information about] the
- *               Kerberos database functions.
- */
-
-#define        KDB5_DISPATCH
-#include "k5-int.h"
-#include <ctype.h>
-#include <sys/time.h>
-#include <sys/wait.h>
-#include "com_err.h"
-
-#if    HAVE_SRAND48
-#define        RAND()          lrand48()
-#define        SRAND(a)        srand48(a)
-#define        RAND_TYPE       long
-#elif  HAVE_SRAND
-#define        RAND()          rand()
-#define        SRAND(a)        srand(a)
-#define        RAND_TYPE       int
-#elif  HAVE_SRANDOM
-#define        RAND()          random()
-#define        SRAND(a)        srandom(a)
-#define        RAND_TYPE       long
-#else  /* no random */
-need a random number generator
-#endif /* no random */
-
-#define        T_KDB_N_PASSES  100
-#define        T_KDB_DEF_DB    "test_db"
-#define        MAX_PNAME_LEN   1024
-#define        MAX_PRINC_COMPS 8
-#define        MAX_COMP_SIZE   32
-
-#define        RANDOM(a,b)     (a + (RAND() % (b-a)))
-
-enum dbtype { DB_UFO, DB_DEFAULT, DB_BERKELEY, DB_DBM };
-
-char                   *programname = (char *) NULL;
-krb5_data              mprinc_data_entries[] = {
-    { 0, sizeof("master")-1, "master"},
-    { 0, sizeof("key")-1, "key"}
-};
-
-krb5_principal_data    master_princ_data = {
-    0,                                         /* Magic number         */
-    { 0, sizeof("test.realm")-1, "test.realm"},        /* Realm                */
-    mprinc_data_entries,                       /* Name/instance        */
-    sizeof(mprinc_data_entries)/
-       sizeof(mprinc_data_entries[0]),         /* Number               */
-    KRB5_NT_SRV_INST                           /* Type                 */
-};
-
-struct timeval tstart_time, tend_time;
-struct timezone        dontcare;
-krb5_principal *recorded_principals = (krb5_principal *) NULL;
-char           **recorded_names = (char **) NULL;
-
-#ifdef BERK_DB_DBM
-extern DBM     *db_dbm_open (char *, int, int);
-extern void     db_dbm_close (DBM *);
-extern datum    db_dbm_fetch (DBM *, datum);
-extern datum    db_dbm_firstkey (DBM *);
-extern datum    db_dbm_nextkey (DBM *);
-extern int      db_dbm_delete (DBM *, datum);
-extern int      db_dbm_store (DBM *, datum, datum, int);
-extern int     db_dbm_error (DBM *);
-extern int     db_dbm_clearerr (DBM *);
-extern int     db_dbm_dirfno (DBM *);
-
-static kdb5_dispatch_table berkeley_dispatch = {
-    "Berkeley Hashed Database",
-    ".db",                     /* Index file name ext  */
-    (char *) NULL,             /* Data file name ext   */
-    ".ok",                     /* Lock file name ext   */
-    db_dbm_open,               /* Open Database        */
-    db_dbm_close,              /* Close Database       */
-    db_dbm_fetch,              /* Fetch Key            */
-    db_dbm_firstkey,           /* Fetch First Key      */
-    db_dbm_nextkey,            /* Fetch Next Key       */
-    db_dbm_delete,             /* Delete Key           */
-    db_dbm_store,              /* Store Key            */
-    db_dbm_error,              /* Get Database Error   */
-    db_dbm_clearerr,           /* Clear Database Error */
-    db_dbm_dirfno,             /* Get Database FD num  */
-    (int (*)()) NULL           /* Get Database FD num  */
-};
-#endif
-
-#if defined(NDBM) || defined(ODBM)
-/*
- * The following prototypes are necessary in case dbm_error and
- * dbm_clearerr are in the library but not prototyped
- * (e.g. NetBSD-1.0)
- */
-#ifdef MISSING_ERROR_PROTO
-int dbm_error (DBM *);
-#endif
-#ifdef MISSING_CLEARERR_PROTO
-int dbm_clearerr (DBM *);
-#endif
-
-static kdb5_dispatch_table dbm_dispatch = {
-    "Stock [N]DBM Database",
-    ".dir",                    /* Index file name ext  */
-    ".pag",                    /* Data file name ext   */
-    ".ok",                     /* Lock file name ext   */
-    dbm_open,                  /* Open Database        */
-    dbm_close,                 /* Close Database       */
-    dbm_fetch,                 /* Fetch Key            */
-    dbm_firstkey,              /* Fetch First Key      */
-    dbm_nextkey,               /* Fetch Next Key       */
-    dbm_delete,                        /* Delete Key           */
-    dbm_store,                 /* Store Key            */
-    /*
-     * The following are #ifdef'd because they have the potential to be
-     * macros rather than functions.
-     */
-#ifdef dbm_error
-    (int (*)()) NULL,          /* Get Database Error   */
-#else  /* dbm_error */
-#ifdef HAVE_DBM_ERROR
-    dbm_error,                 /* Get Database Error   */
-#else
-    (int (*)()) NULL,          /* Get Database Error   */
-#endif
-#endif /* dbm_error */
-#ifdef dbm_clearerr
-    (int (*)()) NULL,          /* Clear Database Error */
-#else  /* dbm_clearerr */
-#ifdef HAVE_DBM_CLEARERR
-    dbm_clearerr,              /* Clear Database Error */
-#else
-    (int (*)()) NULL,          /* Clear Database Error */
-#endif
-#endif /* dbm_clearerr */
-#ifdef dbm_dirfno
-    (int (*)()) NULL,          /* Get Database FD num  */
-#else  /* dbm_dirfno */
-    dbm_dirfno,                        /* Get Database FD num  */
-#endif /* dbm_dirfno */
-#ifdef dbm_pagfno
-    (int (*)()) NULL,          /* Get Database FD num  */
-#else  /* dbm_pagfno */
-    dbm_pagfno,                        /* Get Database FD num  */
-#endif /* dbm_pagfno */
-};
-#endif /* NDBM || ODBM */
-
-\f
-/*
- * Timer macros.
- */
-#define        swatch_on()     ((void) gettimeofday(&tstart_time, &dontcare))
-#define        swatch_eltime() ((gettimeofday(&tend_time, &dontcare)) ? -1.0 : \
-                        (((float) (tend_time.tv_sec -                  \
-                                   tstart_time.tv_sec)) +              \
-                         (((float) (tend_time.tv_usec -                \
-                                    tstart_time.tv_usec))/1000000.0)))
-\f
-/*
- * Free all principals and names in the recorded names list.
- */
-static void
-free_principals(kcontext, nentries)
-    krb5_context       kcontext;
-    int                nentries;
-{
-    int i;
-    if (recorded_principals) {
-       for (i=0; i<nentries; i++) {
-           if (recorded_principals[i])
-               krb5_free_principal(kcontext, recorded_principals[i]);
-       }
-       free(recorded_principals);
-    }
-    recorded_principals = (krb5_principal *) NULL;
-
-    if (recorded_names) {
-       for (i=0; i<nentries; i++) {
-           if (recorded_names[i])
-               free(recorded_names[i]);
-       }
-       free(recorded_names);
-    }
-    recorded_names = (char **) NULL;
-}
-
-/*
- * Initialize the recorded names list.
- */
-static void
-init_princ_recording(kcontext, nentries)
-    krb5_context       kcontext;
-    int                nentries;
-{
-    recorded_principals = (krb5_principal *)
-           malloc(nentries * sizeof(krb5_principal));
-    if (!recorded_principals)
-           abort();
-    memset((char *) recorded_principals, 0,
-          nentries * sizeof(krb5_principal));
-    recorded_names = (char **) malloc(nentries * sizeof(char *));
-    if (!recorded_names)
-           abort();
-    memset((char *) recorded_names, 0, nentries * sizeof(char *));
-}
-
-/*
- * Record a principal and name.
- */
-static void
-record_principal(slotno, princ, pname)
-    int                        slotno;
-    krb5_principal     princ;
-    char               *pname;
-{
-    recorded_principals[slotno] = princ;
-    recorded_names[slotno] = (char *) malloc(strlen(pname)+1);
-    if (recorded_names[slotno])
-       strcpy(recorded_names[slotno], pname);
-}
-
-#define        playback_principal(slotno)      (recorded_principals[slotno])
-#define        playback_name(slotno)           (recorded_names[slotno])
-
-/*
- * See if a principal already exists.
- */
-static krb5_boolean
-principal_found(nvalid, pname)
-    int                nvalid;
-    char       *pname;
-{
-    krb5_boolean       found;
-    int                        i;
-
-    found = 0;
-    for (i=0; i<nvalid; i++) {
-       if (!strcmp(recorded_names[i], pname)) {
-           found = 1;
-           break;
-       }
-    }
-    return(found);
-}
-
-/*
- * Add a principal to the database.
- */
-static krb5_error_code
-add_principal(kcontext, principal, mkey, key)
-    krb5_context         kcontext;
-    krb5_principal       principal;
-    krb5_keyblock      * mkey;
-    krb5_keyblock      * key;
-{
-    krb5_error_code      kret;
-    krb5_db_entry        dbent;
-    krb5_keyblock      * rkey = NULL, lkey;
-    krb5_timestamp       timenow;
-    int                          nentries = 1;
-
-    memset((char *) &dbent, 0, sizeof(dbent));
-    dbent.len                  = KRB5_KDB_V1_BASE_LENGTH;
-
-    dbent.attributes           = KRB5_KDB_DEF_FLAGS;
-    dbent.max_life             = KRB5_KDB_MAX_LIFE;
-    dbent.expiration           = KRB5_KDB_EXPIRATION;
-    dbent.max_renewable_life   = KRB5_KDB_MAX_RLIFE;
-
-    if ((kret = krb5_copy_principal(kcontext, principal, &dbent.princ)))
-       goto out;
-
-    if ((kret = krb5_timeofday(kcontext, &timenow)))
-       goto out;
-    if ((kret = krb5_dbe_update_mod_princ_data(kcontext, &dbent,
-                                              timenow, principal)))
-           goto out;
-
-    if (!key) {
-       kret = krb5_c_make_random_key (kcontext, mkey->enctype, &lkey);
-       if (kret)
-           goto out;
-       rkey = &lkey;
-    } else
-       rkey = key;
-
-    if ((kret = krb5_dbe_create_key_data(kcontext, &dbent)))
-       goto out;
-    if ((kret = krb5_dbekd_encrypt_key_data(kcontext, mkey, rkey, NULL, 1,
-                                           &dbent.key_data[0])))
-       goto out;
-
-    if (!key)
-       krb5_free_keyblock_contents(kcontext, rkey);
-
-    kret = krb5_db_put_principal(kcontext, &dbent, &nentries);
-    if ((!kret) && (nentries != 1))
-       kret = KRB5_KDB_UK_SERROR;
- out:
-    krb5_dbe_free_contents(kcontext, &dbent);
-    return(kret);
-}
-
-/*
- * Generate a principal name.
- */
-static krb5_error_code
-gen_principal(kcontext, realm, do_rand, n, princp, namep)
-    krb5_context       kcontext;
-    char               *realm;
-    int                        do_rand;
-    int                        n;
-    krb5_principal     *princp;
-    char               **namep;
-{
-    static char pnamebuf[MAX_PNAME_LEN];
-    static char *instnames[] = {
-       "instance1", "xxx2", "whereami3", "ABCDEFG4", "foofoo5" };
-    static char *princnames[] = {
-       "princ1", "user2", "service3" };
-
-    krb5_error_code    kret;
-    char               *instname;
-    char               *princbase;
-    int                        ncomps;
-    int                        i, complen, j;
-    char               *cp;
-
-    if (do_rand) {
-       ncomps = RANDOM(1,MAX_PRINC_COMPS);
-       cp = pnamebuf;
-       for (i=0; i<ncomps; i++) {
-           complen = RANDOM(1,MAX_COMP_SIZE);
-           for (j=0; j<complen; j++) {
-               *cp = (char) RANDOM(0,256);
-               while (!isalnum(*cp & 0xff))
-                   *cp = (char) RANDOM(0,256);
-               cp++;
-               if(cp + strlen(realm) >= pnamebuf + sizeof(pnamebuf))
-                   break;
-           }
-           if(cp + strlen(realm) >= pnamebuf + sizeof(pnamebuf))
-               break;
-           *cp = '/';
-           cp++;
-       }
-       if(cp + strlen(realm) < pnamebuf + sizeof(pnamebuf)) {
-           cp[-1] = '@';
-           strcpy(cp, realm);
-       } else {
-            strcpy(cp , "");
-       }
-    }
-    else {
-       instname = instnames[n % (sizeof(instnames)/sizeof(instnames[0]))];
-       princbase = princnames[n % (sizeof(princnames)/sizeof(princnames[0]))];
-       sprintf(pnamebuf, "%s%d/%s@%s", princbase, n, instname, realm);
-    }
-    kret = krb5_parse_name(kcontext, pnamebuf, princp);
-    *namep = (!kret) ? pnamebuf : (char *) NULL;
-    return(kret);
-}
-
-/*
- * Find a principal in the database.
- */
-static krb5_error_code
-find_principal(kcontext, principal, docompare)
-    krb5_context       kcontext;
-    krb5_principal     principal;
-    krb5_boolean       docompare;
-{
-    krb5_error_code    kret;
-    krb5_db_entry      dbent;
-    krb5_principal     mod_princ;
-    krb5_timestamp     mod_time;
-    int                        how_many;
-    krb5_boolean       more;
-
-    more = 0;
-    how_many = 1;
-    if ((kret = krb5_db_get_principal(kcontext, principal, &dbent,
-                                     &how_many, &more)))
-       return(kret);
-    if (how_many == 0) 
-       return(KRB5_KDB_NOENTRY);
-
-    if ((kret = krb5_dbe_lookup_mod_princ_data(kcontext, &dbent,
-                                              &mod_time, &mod_princ)))
-
-       return(kret);
-    
-    if (docompare) {
-       if ((dbent.max_life != KRB5_KDB_MAX_LIFE) ||
-           (dbent.max_renewable_life != KRB5_KDB_MAX_RLIFE) ||
-           (dbent.expiration != KRB5_KDB_EXPIRATION) ||
-           (dbent.attributes != KRB5_KDB_DEF_FLAGS) ||
-           !krb5_principal_compare(kcontext, principal, dbent.princ) ||
-           !krb5_principal_compare(kcontext, principal, mod_princ))
-           kret = KRB5_PRINC_NOMATCH;
-    }
-
-    krb5_db_free_principal(kcontext, &dbent, how_many);
-    krb5_free_principal(kcontext, mod_princ);
-    if (!kret) 
-        return(((how_many == 1) && (more == 0)) ? 0 : KRB5KRB_ERR_GENERIC);
-    else
-        return(kret);
-
-}
-
-/*
- * Delete a principal.
- */
-static krb5_error_code
-delete_principal(kcontext, principal)
-    krb5_context       kcontext;
-    krb5_principal     principal;
-{
-    krb5_error_code    kret;
-    int                        num2delete;
-
-    num2delete = 1;
-    if ((kret = krb5_db_delete_principal(kcontext, principal, &num2delete)))
-       return(kret);
-    return((num2delete == 1) ? 0 : KRB5KRB_ERR_GENERIC);
-}
-
-static int
-do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean,
-          ptest, hash)
-    char       *db;
-    int                passes;
-    int                verbose;
-    int                timing;
-    int                rcases;
-    int                check;
-    int                save_db;
-    int                dontclean;
-    int                ptest;
-    int                hash;
-{
-    krb5_error_code    kret;
-    krb5_context       kcontext;
-    char               *op, *linkage, *oparg;
-    krb5_principal     master_princ;
-    int                 master_princ_set = 0;
-    char               *mkey_name;
-    char               *realm;
-    char               *mkey_fullname;
-    char               *master_passwd;
-    krb5_data          salt_data;
-    krb5_encrypt_block master_encblock;
-    krb5_keyblock      master_keyblock;
-    krb5_data          passwd;
-    krb5_pointer       rseed;
-    krb5_boolean       db_open, db_created;
-    int                        passno;
-    krb5_principal     principal;
-    char               *pname;
-    float              elapsed;
-    krb5_keyblock      stat_kb;
-    krb5_int32         crflags;
-
-    mkey_name = "master/key";
-    realm = master_princ_data.realm.data;
-    mkey_fullname = (char *) NULL;
-    master_princ = (krb5_principal) NULL;
-    master_passwd = "master_password";
-    db_open = 0;
-    db_created = 0;
-    linkage = "";
-    oparg = "";
-    crflags = hash ? KRB5_KDB_CREATE_HASH : KRB5_KDB_CREATE_BTREE;
-
-    memset(&master_keyblock, 0, sizeof(master_keyblock));
-
-    /* Set up some initial context */
-    op = "initializing krb5";
-    kret = krb5_init_context(&kcontext);
-    if (kret)
-           goto goodbye;
-
-    /* 
-     * The database had better not exist.
-     */
-    op = "making sure database doesn't exist";
-    if (!(kret = krb5_db_set_name(kcontext, db))) {
-       kret = EEXIST;
-       goto goodbye;
-    }
-
-    /* Set up the master key name */
-    op = "setting up master key name";
-    if ((kret = krb5_db_setup_mkey_name(kcontext, mkey_name, realm,
-                                       &mkey_fullname, &master_princ)))
-       goto goodbye;
-
-    master_princ_set = 1;
-    if (verbose)
-       fprintf(stdout, "%s: Initializing '%s', master key is '%s'\n",
-               programname, db, mkey_fullname);
-
-    free(mkey_fullname);
-    mkey_fullname = 0;
-
-    op = "salting master key";
-    if ((kret = krb5_principal2salt(kcontext, master_princ, &salt_data)))
-       goto goodbye;
-
-    op = "converting master key";
-    krb5_use_enctype(kcontext, &master_encblock, DEFAULT_KDC_ENCTYPE);
-    master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
-    passwd.length = strlen(master_passwd);
-    passwd.data = master_passwd;
-    if ((kret = krb5_string_to_key(kcontext, &master_encblock,
-                                  &master_keyblock, &passwd, &salt_data)))
-       goto goodbye;
-    /* Clean up */
-    free(salt_data.data);
-
-    /* Process master key */
-    op = "processing master key";
-    if ((kret = krb5_process_key(kcontext, &master_encblock,
-                                &master_keyblock)))
-       goto goodbye;
-
-    /* Initialize random key generator */
-    op = "initializing random key generator";
-    if ((kret = krb5_init_random_key(kcontext,
-                                    &master_encblock,
-                                    &master_keyblock,
-                                    &rseed)))
-       goto goodbye;
-
-    /* Create database */
-    op = "creating database";
-    if ((kret = krb5_db_create(kcontext, db, crflags)))
-       goto goodbye;
-
-    db_created = 1;
-
-    /* Set this database as active. */
-    op = "setting active database";
-    if ((kret = krb5_db_set_name(kcontext, db)))
-       goto goodbye;
-
-    /* Initialize database */
-    op = "initializing database";
-    if ((kret = krb5_db_init(kcontext)))
-       goto goodbye;
-
-    db_open = 1;
-    op = "adding master principal";
-    if ((kret = add_principal(kcontext,
-                             master_princ,
-                             &master_keyblock,
-                             &master_keyblock)))
-       goto goodbye;
-
-
-    stat_kb.enctype = DEFAULT_KDC_ENCTYPE;
-    stat_kb.length = 8;
-    stat_kb.contents = (krb5_octet *) "helpmeee";
-
-    /* We are now ready to proceed to test. */
-    if (verbose)
-       fprintf(stdout, "%s: Beginning %stest\n",
-               programname, (rcases) ? "random " : "");
-    init_princ_recording(kcontext, passes);
-    if (rcases) {
-       struct tacc {
-           float       t_time;
-           int         t_number;
-       } accumulated[3];
-       int             i, nvalid, discrim, highwater, coinflip;
-       krb5_keyblock   *kbp;
-
-       /* Generate random cases */
-       for (i=0; i<3; i++) {
-           accumulated[i].t_time = 0.0;
-           accumulated[i].t_number = 0;
-       }
-
-       /*
-        * Generate principal names.
-        */
-       if (verbose > 1)
-           fprintf(stdout, "%s: generating %d names\n",
-                   programname, passes);
-       for (passno=0; passno<passes; passno++) {
-           op = "generating principal name";
-           do {
-               if ((kret = gen_principal(kcontext, realm, rcases,
-                                         passno, &principal, &pname)))
-                       goto goodbye;
-           } while (principal_found(passno-1, pname));
-           record_principal(passno, principal, pname);
-       }
-
-       /* Prime the database with some number of entries */
-       nvalid = passes/4;
-       if (nvalid < 10)
-           nvalid = 10;
-       if (nvalid > passes)
-           nvalid = passes;
-
-       if (verbose > 1)
-           fprintf(stdout, "%s: priming database with %d principals\n",
-                   programname, nvalid);
-       highwater = 0;
-       for (passno=0; passno<nvalid; passno++) {
-           op = "adding principal";
-           coinflip = RANDOM(0,2);
-           kbp = (coinflip) ? &stat_kb : (krb5_keyblock *) NULL;
-           if (timing) {
-               swatch_on();
-           }
-           if ((kret = add_principal(kcontext, playback_principal(passno),
-                                     &master_keyblock, kbp))) {
-               linkage = "initially ";
-               oparg = playback_name(passno);
-               goto cya;
-           }
-           if (timing) {
-               elapsed = swatch_eltime();
-               accumulated[0].t_time += elapsed;
-               accumulated[0].t_number++;
-           }
-           if (verbose > 4)
-               fprintf(stderr, "*A(%s)\n", playback_name(passno));
-           highwater++;
-       }
-
-       if (verbose > 1)
-           fprintf(stderr, "%s: beginning random loop\n", programname);
-       /* Loop through some number of times and pick random operations */
-       for (i=0; i<3*passes; i++) {
-           discrim = RANDOM(0,100);
-
-           /* Add a principal 25% of the time, if possible */
-           if ((discrim < 25) && (nvalid < passes)) {
-               op = "adding principal";
-               coinflip = RANDOM(0,2);
-               kbp = (coinflip) ? &stat_kb : (krb5_keyblock *) NULL;
-               if (timing) {
-                   swatch_on();
-               }
-               if ((kret = add_principal(kcontext,
-                                         playback_principal(nvalid),
-                                         &master_keyblock, kbp))) {
-                   oparg = playback_name(nvalid);
-                   goto cya;
-               }
-               if (timing) {
-                   elapsed = swatch_eltime();
-                   accumulated[0].t_time += elapsed;
-                   accumulated[0].t_number++;
-               }
-               if (verbose > 4)
-                   fprintf(stderr, "*A(%s)\n", playback_name(nvalid));
-               nvalid++;
-               if (nvalid > highwater)
-                   highwater = nvalid;
-           }
-           /* Delete a principal 15% of the time, if possible */
-           else if ((discrim > 85) && (nvalid > 10)) {
-               op = "deleting principal";
-               if (timing) {
-                   swatch_on();
-               }
-               if ((kret = delete_principal(kcontext,
-                                            playback_principal(nvalid-1)))) {
-                   oparg = playback_name(nvalid-1);
-                   goto cya;
-               }
-               if (timing) {
-                   elapsed = swatch_eltime();
-                   accumulated[2].t_time += elapsed;
-                   accumulated[2].t_number++;
-               }
-               if (verbose > 4)
-                   fprintf(stderr, "XD(%s)\n", playback_name(nvalid-1));
-               nvalid--;
-           }
-           /* Otherwise, find a principal */
-           else {
-               op = "looking up principal";
-               passno = RANDOM(0, nvalid);
-               if (timing) {
-                   swatch_on();
-               }
-               if ((kret = find_principal(kcontext,
-                                          playback_principal(passno),
-                                          check))) {
-                   oparg = playback_name(passno);
-                   goto cya;
-               }
-               if (timing) {
-                   elapsed = swatch_eltime();
-                   accumulated[1].t_time += elapsed;
-                   accumulated[1].t_number++;
-               }
-               if (verbose > 4)
-                   fprintf(stderr, "-S(%s)\n", playback_name(passno));
-           }
-       }
-
-       if (!dontclean) {
-           /* Clean up the remaining principals */
-           if (verbose > 1)
-               fprintf(stdout, "%s: deleting remaining %d principals\n",
-                       programname, nvalid);
-           for (passno=0; passno<nvalid; passno++) {
-               op = "deleting principal";
-               if (timing) {
-                   swatch_on();
-               }
-               if ((kret = delete_principal(kcontext,
-                                            playback_principal(passno)))) {
-                   linkage = "finally ";
-                   oparg = playback_name(passno);
-                   goto cya;
-               }
-               if (timing) {
-                   elapsed = swatch_eltime();
-                   accumulated[2].t_time += elapsed;
-                   accumulated[2].t_number++;
-               }
-               if (verbose > 4)
-                   fprintf(stderr, "XD(%s)\n", playback_name(passno));
-           }
-       }
-    cya:
-       if (verbose)
-           fprintf(stdout,
-                   "%s: highwater mark was %d principals\n",
-                   programname, highwater);
-       if (accumulated[0].t_number && timing)
-           fprintf(stdout,
-                   "%s: performed %8d additions in %9.4f seconds (%9.4f/add)\n",
-                   programname, accumulated[0].t_number,
-                   accumulated[0].t_time, 
-                   accumulated[0].t_time / (float) accumulated[0].t_number);
-       if (accumulated[1].t_number && timing)
-           fprintf(stdout,
-                   "%s: performed %8d lookups   in %9.4f seconds (%9.4f/search)\n",
-                   programname, accumulated[1].t_number,
-                   accumulated[1].t_time, 
-                   accumulated[1].t_time / (float) accumulated[1].t_number);
-       if (accumulated[2].t_number && timing)
-           fprintf(stdout,
-                   "%s: performed %8d deletions in %9.4f seconds (%9.4f/delete)\n",
-                   programname, accumulated[2].t_number,
-                   accumulated[2].t_time, 
-                   accumulated[2].t_time / (float) accumulated[2].t_number);
-       if (kret)
-           goto goodbye;
-    }
-    else {
-       /*
-        * Generate principal names.
-        */
-       for (passno=0; passno<passes; passno++) {
-           op = "generating principal name";
-           if ((kret = gen_principal(kcontext, realm, rcases,
-                                    passno, &principal, &pname)))
-               goto goodbye;
-           record_principal(passno, principal, pname);
-       }
-       /*
-        * Add principals.
-        */
-       if (timing) {
-           swatch_on();
-       }
-       for (passno=0; passno<passes; passno++) {
-           op = "adding principal";
-           if ((kret = add_principal(kcontext, playback_principal(passno),
-                                    &master_keyblock, &stat_kb)))
-               goto goodbye;
-           if (verbose > 4)
-               fprintf(stderr, "*A(%s)\n", playback_name(passno));
-       }
-       if (timing) {
-           elapsed = swatch_eltime();
-           fprintf(stdout,
-                   "%s:   added %d principals in %9.4f seconds (%9.4f/add)\n",
-                   programname, passes, elapsed, elapsed/((float) passes));
-       }
-
-       /*
-        * Lookup principals.
-        */
-       if (timing) {
-           swatch_on();
-       }
-       for (passno=0; passno<passes; passno++) {
-           op = "looking up principal";
-           if ((kret = find_principal(kcontext, playback_principal(passno),
-                                      check)))
-               goto goodbye;
-           if (verbose > 4)
-               fprintf(stderr, "-S(%s)\n", playback_name(passno));
-       }
-       if (timing) {
-           elapsed = swatch_eltime();
-           fprintf(stdout,
-                   "%s:   found %d principals in %9.4f seconds (%9.4f/search)\n",
-                   programname, passes, elapsed, elapsed/((float) passes));
-       }
-
-       /*
-        * Delete principals.
-        */
-       if (!dontclean) {
-           if (timing) {
-               swatch_on();
-           }
-           for (passno=passes-1; passno>=0; passno--) {
-               op = "deleting principal";
-               if ((kret = delete_principal(kcontext,
-                                            playback_principal(passno))))
-                   goto goodbye;
-               if (verbose > 4)
-                   fprintf(stderr, "XD(%s)\n", playback_name(passno));
-           }
-           if (timing) {
-               elapsed = swatch_eltime();
-               fprintf(stdout,
-                       "%s: deleted %d principals in %9.4f seconds (%9.4f/delete)\n",
-                       programname, passes, elapsed,
-                       elapsed/((float) passes));
-           }
-       }
-
-    }
-
- goodbye:
-    if(master_princ_set) {
-       krb5_free_principal(kcontext, master_princ);
-    }
-    if (kret)
-       fprintf(stderr, "%s: error while %s %s%s(%s)\n",
-               programname, op, linkage, oparg, error_message(kret));
-
-    if (!kret && ptest) {
-       int     nper;
-       pid_t   children[32], child;
-       int     nprocs, existat, i, j, fd;
-
-       nprocs = ptest + 1;
-       if (nprocs > 32)
-           nprocs = 32;
-
-       nper = passes / nprocs;
-       unlink("./test.lock");
-       for (i=0; i<nprocs; i++) {
-           child = fork();
-           if (child == 0) {
-               /* Child */
-               int base;
-               krb5_context    ccontext;
-               struct stat stbuf;
-
-               while (stat("./test.lock", &stbuf) == -1)
-               kret = krb5_init_context(&ccontext);
-               if (kret) {
-                   com_err(programname, kret, "while initializing krb5");
-                   exit(1);
-               }
-               if ((kret = krb5_db_set_name(ccontext, db)) ||
-                   (kret = krb5_db_init(ccontext)))
-                   exit(1);
-               base = i*nper;
-               for (j=0; j<nper; j++) {
-                   if ((kret = add_principal(ccontext,
-                                             playback_principal(base+j),
-                                             &master_keyblock,
-                                             &stat_kb))) {
-                       fprintf(stderr,
-                               "%ld: (%d,%d) Failed add of %s with %s\n",
-                               (long) getpid(), i, j, playback_name(base+j),
-                               error_message(kret));
-                       break;
-                   }
-                   if (verbose > 4)
-                       fprintf(stderr, "*A[%ld](%s)\n", (long) getpid(),
-                               playback_name(base+j));
-               }   
-               for (j=0; (j<nper) && (!kret); j++) {
-                   if ((kret = find_principal(ccontext,
-                                              playback_principal(base+j),
-                                              check))) {
-                       fprintf(stderr,
-                               "%ld: (%d,%d) Failed lookup of %s with %s\n",
-                               (long) getpid(), i, j, playback_name(base+j),
-                               error_message(kret));
-                       break;
-                   }
-                   if (verbose > 4)
-                       fprintf(stderr, "-S[%ld](%s)\n", (long) getpid(),
-                               playback_name(base+j));
-               }   
-               for (j=0; (j<nper) && (!kret); j++) {
-                   if ((kret = delete_principal(ccontext,
-                                              playback_principal(base+j)))) {
-                       fprintf(stderr,
-                               "%ld: (%d,%d) Failed delete of %s with %s\n",
-                               (long) getpid(), i, j, playback_name(base+j),
-                               error_message(kret));
-                       break;
-                   }
-                   if (verbose > 4)
-                       fprintf(stderr, "XD[%ld](%s)\n", (long) getpid(),
-                               playback_name(base+j));
-               }
-               krb5_db_fini(ccontext);
-               krb5_free_context(ccontext);
-               exit((kret) ? 1 : 0);
-           }
-           else
-               children[i] = child;
-       }
-       fd = open("./test.lock", O_CREAT|O_RDWR|O_EXCL, 0666);
-       close(fd);
-       sleep(1);
-       unlink("./test.lock");
-       for (i=0; i<nprocs; i++) {
-           if (waitpid(children[i], &existat, 0) == children[i]) {
-               if (verbose) 
-                   fprintf(stderr, "%ld finished with %d\n",
-                           (long) children[i], existat);
-               if (existat)
-                   kret = KRB5KRB_ERR_GENERIC;
-           }
-           else
-               fprintf(stderr, "Wait for %ld failed\n", (long) children[i]);
-       }
-    }
-
-    free_principals(kcontext, passes);
-    if (db_open)
-       (void) krb5_db_fini(kcontext);
-    if (db_created) {
-       if (!kret && !save_db) {
-           krb5_db_destroy(kcontext, db);
-           krb5_db_fini(kcontext);
-       } else {
-           if (kret && verbose)
-               fprintf(stderr, "%s: database not deleted because of error\n",
-                       programname);
-       }
-    }
-
-    krb5_free_keyblock_contents(kcontext, &master_keyblock);
-    krb5_free_context(kcontext);
-
-    return((kret) ? 1 : 0);
-}
-
-/*
- * usage:
- *     t_kdb   [-t]            - Get timing information.
- *             [-r]            - Generate random cases.
- *             [-n <num>]      - Use <num> as the number of passes.
- *             [-c]            - Check contents.
- *             [-v]            - Verbose output.
- *             [-d <dbname>]   - Database name.
- *             [-s]            - Save database even on successful completion.
- *             [-D]            - Leave database dirty.
- */
-int
-main(argc, argv)
-    int                argc;
-    char       *argv[];
-{
-    int        option;
-    extern char        *optarg;
-
-    int                do_time, do_random, num_passes, check_cont, verbose, error;
-    int                save_db, dont_clean, do_ptest, hash;
-    char       *db_name;
-
-    programname = argv[0];
-    if (strrchr(programname, (int) '/'))
-       programname = strrchr(programname, (int) '/') + 1;
-    SRAND((RAND_TYPE)time((void *) NULL));
-
-    /* Default values. */
-    do_time = 0;
-    do_random = 0;
-    num_passes = T_KDB_N_PASSES;
-    check_cont = 0;
-    verbose = 0;
-    db_name = T_KDB_DEF_DB;
-    save_db = 0;
-    dont_clean = 0;
-    error = 0;
-    do_ptest = 0;
-    hash = 0;
-
-    /* Parse argument list */
-    while ((option = getopt(argc, argv, "cd:n:prstvDh")) != -1) {
-       switch (option) {
-       case 'c':
-           check_cont = 1;
-           break;
-       case 'd':
-           db_name = optarg;
-           break;
-       case 'n':
-           if (sscanf(optarg, "%d", &num_passes) != 1) {
-               fprintf(stderr, "%s: %s is not a valid number for %c option\n",
-                       programname, optarg, option);
-               error++;
-           }
-           break;
-       case 'p':
-           do_ptest++;
-           break;
-       case 'r':
-           do_random = 1;
-           break;
-       case 's':
-           save_db = 1;
-           break;
-       case 't':
-           do_time = 1;
-           break;
-       case 'v':
-           verbose++;
-           break;
-       case 'D':
-           dont_clean = 1;
-           break;
-       case 'h':
-           hash = 1;
-           break;
-       default:
-           error++;
-           break;
-       }
-    }
-    if (error)
-       fprintf(stderr, "%s: usage is %s [-cprstv] [-d <dbname>] [-n <num>]\n",
-               programname, programname);
-    else
-       error = do_testing(db_name,
-                          num_passes,
-                          verbose,
-                          do_time,
-                          do_random,
-                          check_cont,
-                          save_db,
-                          dont_clean,
-                          do_ptest,
-                          hash);
-    return(error);
-}
-
-
diff --git a/src/lib/kdb/t_krb5.conf b/src/lib/kdb/t_krb5.conf
deleted file mode 100644 (file)
index 5882d97..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-[libdefaults]
-       ticket_lifetime = 600
-       default_realm = ATHENA.MIT.EDU
-
-[realms]
-       ATHENA.MIT.EDU = {
-               kdc = KERBEROS-2.MIT.EDU:88
-               kdc = KERBEROS.MIT.EDU
-               kdc = KERBEROS-1.MIT.EDU
-               admin_server = KERBEROS.MIT.EDU
-               default_domain = MIT.EDU
-               v4_instance_convert = {
-                       mit = mit.edu
-                       lithium = lithium.lcs.mit.edu
-               }
-       }
-       CYGNUS.COM = {
-               kdc = KERBEROS-1.CYGNUS.COM
-               kdc = KERBEROS.CYGNUS.COM
-               admin_server = KERBEROS.MIT.EDU
-       }
-
-[domain_realm]
-       .mit.edu = ATHENA.MIT.EDU
-       mit.edu = ATHENA.MIT.EDU
-       .media.mit.edu = MEDIA-LAB.MIT.EDU
-       media.mit.edu = MEDIA-LAB.MIT.EDU
-       .ucsc.edu = CATS.UCSC.EDU
-
diff --git a/src/lib/kdb/verify_mky.c b/src/lib/kdb/verify_mky.c
deleted file mode 100644 (file)
index 452dc45..0000000
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * lib/kdb/verify_mky.c
- *
- * Copyright 1990,1991 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- * 
- * 
- * krb5_db_verify_master_key();
- */
-
-#include "k5-int.h"
-
-/*
- * Verify that the master key in *mkey matches the database entry
- * for mprinc.
- */
-
-krb5_error_code
-krb5_db_verify_master_key(context, mprinc, mkey)
-    krb5_context context;
-    krb5_principal mprinc;
-    krb5_keyblock *mkey;
-{
-    krb5_error_code retval;
-    krb5_db_entry master_entry;
-    int nprinc;
-    krb5_boolean more;
-    krb5_keyblock tempkey;
-
-    nprinc = 1;
-    if ((retval = krb5_db_get_principal(context, mprinc,
-                                       &master_entry, &nprinc, &more)))
-       return(retval);
-       
-    if (nprinc != 1) {
-       if (nprinc)
-           krb5_db_free_principal(context, &master_entry, nprinc);
-       return(KRB5_KDB_NOMASTERKEY);
-    } else if (more) {
-       krb5_db_free_principal(context, &master_entry, nprinc);
-       return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
-    }  
-
-    if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, 
-                                             &master_entry.key_data[0],
-                                             &tempkey, NULL))) {
-       krb5_db_free_principal(context, &master_entry, nprinc);
-       return retval;
-    }
-
-    if (mkey->length != tempkey.length ||
-       memcmp((char *)mkey->contents,
-              (char *)tempkey.contents,mkey->length)) {
-       retval = KRB5_KDB_BADMASTERKEY;
-    }
-
-    memset((char *)tempkey.contents, 0, tempkey.length);
-    krb5_xfree(tempkey.contents);
-    krb5_db_free_principal(context, &master_entry, nprinc);
-    
-    return retval;
-}
diff --git a/src/lib/krb5.saber.source b/src/lib/krb5.saber.source
deleted file mode 100644 (file)
index a4c374a..0000000
+++ /dev/null
@@ -1,18 +0,0 @@
-setopt load_flags  -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES
-load  /mit/krb5/src/lib/cryptoconf.c   /mit/krb5/src/lib/syslog.c  /mit/krb5/src/lib/strdup.c
-
-load         /mit/krb5/src/lib/krb/addr_comp.c  /mit/krb5/src/lib/krb/addr_order.c      /mit/krb5/src/lib/krb/addr_srch.c       /u2/krb5/lib/krb/bld_pr_ext.o /u2/krb5/lib/krb/bld_princ.o      /mit/krb5/src/lib/krb/conv_princ.c      /mit/krb5/src/lib/krb/copy_addrs.c      /mit/krb5/src/lib/krb/copy_auth.c       /mit/krb5/src/lib/krb/copy_athctr.c     /mit/krb5/src/lib/krb/copy_checksum.c  /mit/krb5/src/lib/krb/copy_creds.c       /mit/krb5/src/lib/krb/copy_data.c       /mit/krb5/src/lib/krb/copy_key.c        /mit/krb5/src/lib/krb/copy_princ.c      /mit/krb5/src/lib/krb/copy_tick.c       /mit/krb5/src/lib/krb/cp_key_cnt.c      /mit/krb5/src/lib/krb/decode_kdc.c      /mit/krb5/src/lib/krb/decrypt_tk.c      /mit/krb5/src/lib/krb/encode_kdc.c      /mit/krb5/src/lib/krb/encrypt_tk.c      /mit/krb5/src/lib/krb/free_rtree.c      /mit/krb5/src/lib/krb/faddr_ordr.c      /mit/krb5/src/lib/krb/gc_frm_kdc.c      /mit/krb5/src/lib/krb/gc_via_tgt.c      /mit/krb5/src/lib/krb/gc_2tgt.c         /mit/krb5/src/lib/krb/gen_seqnum.c      /mit/krb5/src/lib/krb/gen_subkey.c      /mit/krb5/src/lib/krb/get_creds.c       /mit/krb5/src/lib/krb/get_in_tkt.c      /mit/krb5/src/lib/krb/in_tkt_pwd.c      /mit/krb5/src/lib/krb/in_tkt_sky.c      /mit/krb5/src/lib/krb/kdc_rep_dc.c      /mit/krb5/src/lib/krb/krbconfig.c       /mit/krb5/src/lib/krb/mk_error.c        /mit/krb5/src/lib/krb/mk_priv.c         /mit/krb5/src/lib/krb/mk_rep.c  /mit/krb5/src/lib/krb/mk_req.c  /mit/krb5/src/lib/krb/mk_req_ext.c      /mit/krb5/src/lib/krb/mk_safe.c         /mit/krb5/src/lib/krb/parse.c   /mit/krb5/src/lib/krb/pr_to_salt.c      /mit/krb5/src/lib/krb/princ_comp.c      /mit/krb5/src/lib/krb/rd_error.c        /mit/krb5/src/lib/krb/rd_priv.c         /mit/krb5/src/lib/krb/rd_rep.c  /mit/krb5/src/lib/krb/rd_req.c  /mit/krb5/src/lib/krb/rd_req_sim.c      /mit/krb5/src/lib/krb/rd_req_dec.c      /mit/krb5/src/lib/krb/rd_safe.c         /mit/krb5/src/lib/krb/recvauth.c        /mit/krb5/src/lib/krb/sendauth.c        /mit/krb5/src/lib/krb/send_tgs.c        /mit/krb5/src/lib/krb/srv_rcache.c      /mit/krb5/src/lib/krb/tgtname.c         /mit/krb5/src/lib/krb/unparse.c         /mit/krb5/src/lib/krb/walk_rtree.c
-
-load -DPEPSY_LINKABLE_FUNCS   -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES  /u2/krb5/src/lib/asn.1/KRB5_tables.c        /mit/krb5/src/lib/asn.1/encode.c        /mit/krb5/src/lib/asn.1/decode.c        /mit/krb5/src/lib/asn.1/adat2kadat.c    /mit/krb5/src/lib/asn.1/addr2kaddr.c    /mit/krb5/src/lib/asn.1/adr2kadr.c      /mit/krb5/src/lib/asn.1/aprp2kaprp.c    /mit/krb5/src/lib/asn.1/aprq2kaprq.c    /mit/krb5/src/lib/asn.1/arep2karep.c    /mit/krb5/src/lib/asn.1/auth2kauth.c    /mit/krb5/src/lib/asn.1/cvt_flags.c     /mit/krb5/src/lib/asn.1/ck2kck.c        /mit/krb5/src/lib/asn.1/edat2kedat.c    /mit/krb5/src/lib/asn.1/ekrp2kekrp.c    /mit/krb5/src/lib/asn.1/enck2kkey.c     /mit/krb5/src/lib/asn.1/err2kerr.c      /mit/krb5/src/lib/asn.1/etpt2ketpt.c    /mit/krb5/src/lib/asn.1/g2unix.c        /mit/krb5/src/lib/asn.1/kadat2adat.c    /mit/krb5/src/lib/asn.1/kaddr2addr.c    /mit/krb5/src/lib/asn.1/kadr2adr.c      /mit/krb5/src/lib/asn.1/kaprp2aprp.c    /mit/krb5/src/lib/asn.1/kaprq2aprq.c    /mit/krb5/src/lib/asn.1/karep2arep.c    /mit/krb5/src/lib/asn.1/kauth2auth.c    /mit/krb5/src/lib/asn.1/kck2ck.c        /mit/krb5/src/lib/asn.1/kdcr2kkdcr.c    /mit/krb5/src/lib/asn.1/kdcr2ktgsr.c    /mit/krb5/src/lib/asn.1/kedat2edat.c    /mit/krb5/src/lib/asn.1/kekrp2ekrp.c    /mit/krb5/src/lib/asn.1/kerr2err.c      /mit/krb5/src/lib/asn.1/ketpt2etpt.c    /mit/krb5/src/lib/asn.1/kkdcr2kdcr.c    /mit/krb5/src/lib/asn.1/kkey2enck.c     /mit/krb5/src/lib/asn.1/klsrq2lsrq.c    /mit/krb5/src/lib/asn.1/kprep2prep.c    /mit/krb5/src/lib/asn.1/kprin2prin.c    /mit/krb5/src/lib/asn.1/kpriv2priv.c    /mit/krb5/src/lib/asn.1/ksafe2safe.c    /mit/krb5/src/lib/asn.1/ktran2tran.c    /mit/krb5/src/lib/asn.1/ktgrq2tgrq.c    /mit/krb5/src/lib/asn.1/ktgsr2kdcr.c    /mit/krb5/src/lib/asn.1/ktkt2tkt.c      /mit/krb5/src/lib/asn.1/lsrq2klsrq.c    /mit/krb5/src/lib/asn.1/prep2kprep.c    /mit/krb5/src/lib/asn.1/prin2kprin.c    /mit/krb5/src/lib/asn.1/priv2kpriv.c    /mit/krb5/src/lib/asn.1/qbuf2data.c     /mit/krb5/src/lib/asn.1/safe2ksafe.c    /mit/krb5/src/lib/asn.1/tran2ktran.c    /mit/krb5/src/lib/asn.1/tgrq2ktgrq.c    /mit/krb5/src/lib/asn.1/tkt2ktkt.c      /mit/krb5/src/lib/asn.1/u2gen.c         /mit/krb5/src/lib/asn.1/kasrp2kdcr.c    /mit/krb5/src/lib/asn.1/kpwd2pwd.c      /mit/krb5/src/lib/asn.1/kpwds2pwds.c    /mit/krb5/src/lib/asn.1/pwd2kpwd.c      /mit/krb5/src/lib/asn.1/pwds2kpwds.c
-
-load        /mit/krb5/src/lib/free/f_addr.c     /mit/krb5/src/lib/free/f_address.c      /mit/krb5/src/lib/free/f_arep_enc.c     /mit/krb5/src/lib/free/f_ap_rep.c       /mit/krb5/src/lib/free/f_ap_req.c       /mit/krb5/src/lib/free/f_authdata.c     /mit/krb5/src/lib/free/f_authent.c      /mit/krb5/src/lib/free/f_cksum.c        /mit/krb5/src/lib/free/f_creds.c        /mit/krb5/src/lib/free/f_cred_cnt.c     /mit/krb5/src/lib/free/f_enc_kdc.c      /mit/krb5/src/lib/free/f_enc_tkt.c      /mit/krb5/src/lib/free/f_error.c        /mit/krb5/src/lib/free/f_kdc_rep.c      /mit/krb5/src/lib/free/f_kdc_req.c      /mit/krb5/src/lib/free/f_keyblock.c     /mit/krb5/src/lib/free/f_last_req.c     /mit/krb5/src/lib/free/f_padata.c       /mit/krb5/src/lib/free/f_princ.c        /mit/krb5/src/lib/free/f_priv.c         /mit/krb5/src/lib/free/f_priv_enc.c     /mit/krb5/src/lib/free/f_safe.c         /mit/krb5/src/lib/free/f_ticket.c       /mit/krb5/src/lib/free/f_tickets.c      /mit/krb5/src/lib/free/f_tgt_cred.c     /mit/krb5/src/lib/free/f_tkt_auth.c
-
-load        /mit/krb5/src/lib/keytab/ktadd.c    /mit/krb5/src/lib/keytab/ktbase.c       /mit/krb5/src/lib/keytab/ktdefault.c    /mit/krb5/src/lib/keytab/ktfr_entry.c   /mit/krb5/src/lib/keytab/ktremove.c     /mit/krb5/src/lib/keytab/read_servi.c
-
-load   /mit/krb5/src/lib/keytab/file/ktf_add.c  /mit/krb5/src/lib/keytab/file/ktf_endget.c  /mit/krb5/src/lib/keytab/file/ktf_next.c  /mit/krb5/src/lib/keytab/file/ktf_resolv.c  /mit/krb5/src/lib/keytab/file/ktf_wops.c  /mit/krb5/src/lib/keytab/file/ktf_close.c  /mit/krb5/src/lib/keytab/file/ktf_get_en.c  /mit/krb5/src/lib/keytab/file/ktf_ops.c  /mit/krb5/src/lib/keytab/file/ktf_ssget.c  /mit/krb5/src/lib/keytab/file/ktf_wreslv.c  /mit/krb5/src/lib/keytab/file/ktf_defops.c  /mit/krb5/src/lib/keytab/file/ktf_get_na.c  /mit/krb5/src/lib/keytab/file/ktf_remove.c  /mit/krb5/src/lib/keytab/file/ktf_util.c
-
-load  /mit/krb5/src/lib/ccache/ccbase.c  /mit/krb5/src/lib/ccache/ccdefault.c  /mit/krb5/src/lib/ccache/ccdefops.c
-
-load     /mit/krb5/src/lib/ccache/file/fcc_close.c /mit/krb5/src/lib/ccache/file/fcc_destry.c /mit/krb5/src/lib/ccache/file/fcc_eseq.c  /mit/krb5/src/lib/ccache/file/fcc_gennew.c /mit/krb5/src/lib/ccache/file/fcc_getnam.c /mit/krb5/src/lib/ccache/file/fcc_gprin.c  /mit/krb5/src/lib/ccache/file/fcc_init.c /mit/krb5/src/lib/ccache/file/fcc_nseq.c /mit/krb5/src/lib/ccache/file/fcc_read.c       /mit/krb5/src/lib/ccache/file/fcc_reslv.c /mit/krb5/src/lib/ccache/file/fcc_retrv.c /mit/krb5/src/lib/ccache/file/fcc_sseq.c     /mit/krb5/src/lib/ccache/file/fcc_store.c /mit/krb5/src/lib/ccache/file/fcc_skip.c /mit/krb5/src/lib/ccache/file/fcc_ops.c       /mit/krb5/src/lib/ccache/file/fcc_write.c /mit/krb5/src/lib/ccache/file/fcc_sflags.c /mit/krb5/src/lib/ccache/file/fcc_defops.c  /mit/krb5/src/lib/ccache/file/fcc_errs.c /mit/krb5/src/lib/ccache/file/fcc_maybe.c
-
-load -I.    -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES      /mit/krb5/src/lib/rcache/rc_base.c        /mit/krb5/src/lib/rcache/rc_dfl.c       /mit/krb5/src/lib/rcache/rc_io.c        /mit/krb5/src/lib/rcache/rcdef.c        /mit/krb5/src/lib/rcache/rc_conv.c
index 8d2b01aa6aebda74dbc53c628560e3a6ccdabf50..2078bcab3bf5ba58c61149dcce594d3b604c380d 100644 (file)
@@ -1,3 +1,9 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * kdb5_mkdums.c:
+
 2004-05-24  Ezra Peisach  <epeisach@mit.edu>
 
        * kdb5_mkdums.c (main): Fix memory leak of master principal at exit. 
index c9042bd67950947b71b68b697bd0e8e8bb4a7963..6a566b827b71ca3cc081dbcc56a1692d32671f0f 100644 (file)
@@ -5,11 +5,12 @@ BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 SRCS=$(srcdir)/kdb5_mkdums.c
+KDB5_DEP_LIBS=-lpthread -ldl
 
 all:: kdb5_mkdums
 
 kdb5_mkdums: kdb5_mkdums.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-       $(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_LIBS) $(KRB5_BASE_LIBS)
+       $(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_DEP_LIBS) $(KDB5_LIBS) $(KRB5_BASE_LIBS)
 
 all:: kdb5_mkdums
 
index 024664c8032d4a02875419438b57fadba83d3d4d..9d1799cfcd7227f0c087cfcbf91aebc9da5813aa 100644 (file)
@@ -323,7 +323,10 @@ add_princ(context, str_newprinc)
     fprintf(stdout, "Added %s to database\n", princ_name);
 
 error: /* Do cleanup of newentry regardless of error */
+#if 0
     krb5_dbe_free_contents(context, &newentry);
+#endif
+    krb5_db_free_principal(context, &newentry, 1);
     return;
 }
 
@@ -337,11 +340,13 @@ char *dbname;
     krb5_boolean more;
     krb5_data pwd, scratch;
 
+#if 0
     if ((retval = krb5_db_set_name(test_context, dbname))) {
        com_err(pname, retval, "while setting active database to '%s'",
                dbname);
        return(1);
     }
+#endif
     /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm, 
@@ -375,7 +380,10 @@ char *dbname;
            return(1);
        }
     }
+#if 0
     if ((retval = krb5_db_init(test_context))) {
+#endif
+    if ((retval = krb5_db_open(test_context, NULL, KRB5_KDB_OPEN_RO))) {
        com_err(pname, retval, "while initializing database");
        return(1);
     }
index c978b272d01f5249696fe76f62638f83dead5260..61b7357aa29b0090125e80c449a4f8615f114a70 100644 (file)
@@ -1,3 +1,9 @@
+2005-06-20  Ken Raeburn  <raeburn@mit.edu>
+
+       Novell merge.
+       * Makefile.in:
+       * kdb5_verify.c:
+
 2002-08-29  Ken Raeburn  <raeburn@mit.edu>
 
        * Makefile.in: Revert $(S)=>/ change, for Windows support.
index 249e70e6be85842a180517613982ecec61b19a83..0444803c04548811b550d26be1d05a61ddfe7d3c 100644 (file)
@@ -4,13 +4,14 @@ mydir=verify
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
+KDB5_DEP_LIB=-lpthread -ldl
 
 SRCS=$(srcdir)/kdb5_verify.c
 
 all:: kdb5_verify
 
 kdb5_verify: kdb5_verify.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-       $(CC_LINK) -o kdb5_verify kdb5_verify.o $(KDB5_LIBS) $(KRB5_BASE_LIBS)
+       $(CC_LINK) -o kdb5_verify kdb5_verify.o $(KDB5_LIBS) $(KDB5_DEP_LIB) $(KRB5_BASE_LIBS)
 
 install::
 
index 878104d0a7fd7cf615690f9d8745ca7990b9c0d7..60c082f4663f132518fc0a037afec3f3c3b21218 100644 (file)
@@ -361,11 +361,14 @@ set_dbname_help(context, pname, dbname)
     krb5_boolean more;
     krb5_data pwd, scratch;
 
+#if 0
     if ((retval = krb5_db_set_name(context, dbname))) {
        com_err(pname, retval, "while setting active database to '%s'",
                dbname);
        return(1);
     }
+#endif
+
     /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(context, mkey_name, cur_realm, 0,
@@ -397,7 +400,7 @@ set_dbname_help(context, pname, dbname)
            return(1);
        }
     }
-    if ((retval = krb5_db_init(context ))) {
+    if ((retval = krb5_db_open(context, NULL, KRB5_KDB_OPEN_RO))) {
        com_err(pname, retval, "while initializing database");
        return(1);
     }