From: Ken Raeburn Date: Thu, 12 Oct 2006 02:39:14 +0000 (+0000) Subject: Another patch from Will Fiveash, to make "kdb5_util load " X-Git-Tag: krb5-1.6-alpha1~72 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1701b402682dea7f3d943f2d3e2727b449b0e4a7;p=krb5.git Another patch from Will Fiveash, to make "kdb5_util load " work with the LDAP KDB back end, in simple cases (all entries stored under the krbcontainer entry). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18690 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 2f7c4bc37..12b6a46ef 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -1603,6 +1603,12 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop) && (akey->key_data_type[1] == 0) && (akey->key_data_length[1] == 0)) dbent.n_key_data--; + + dbent.mask = KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_KEY_DATA | + KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS | + KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT; + if ((kret = krb5_db_put_principal(kcontext, &dbent, &one)) || @@ -1752,6 +1758,10 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop) dbentry.last_success = (krb5_timestamp) t7; dbentry.last_failed = (krb5_timestamp) t8; dbentry.fail_auth_count = (krb5_kvno) t9; + dbentry.mask = KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + KADM5_MAX_LIFE | KADM5_MAX_RLIFE | + KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS | + KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT; } else { try2read = read_nint_data; error++; 
@@ -1783,6 +1793,30 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop) error++; break; } + /* test to set mask fields */ + if (t1 == KRB5_TL_KADM_DATA) { + XDR xdrs; + osa_princ_ent_rec osa_princ_ent; + + /* + * Assuming aux_attributes will always be + * there + */ + dbentry.mask |= KADM5_AUX_ATTRIBUTES; + + /* test for an actual policy reference */ + memset(&osa_princ_ent, 0, sizeof(osa_princ_ent)); + xdrmem_create(&xdrs, (char *)tl->tl_data_contents, + tl->tl_data_length, XDR_DECODE); + if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent) && + (osa_princ_ent.aux_attributes & KADM5_POLICY) && + osa_princ_ent.policy != NULL) { + + dbentry.mask |= KADM5_POLICY; + kdb_free_entry(NULL, NULL, &osa_princ_ent); + } + xdr_destroy(&xdrs); + } } else { /* Should be a null field */ @@ -1800,6 +1834,8 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop) break; } } + if (!error) + dbentry.mask |= KADM5_TL_DATA; } /* Get the key data */ @@ -1846,6 +1882,8 @@ process_k5beta6_record(fname, kcontext, filep, verbose, linenop) } } } + if (!error) + dbentry.mask |= KADM5_KEY_DATA; } /* Get the extra data */ @@ -2093,6 +2131,7 @@ load_db(argc, argv) int update, verbose; krb5_int32 crflags; int aindex; + int db_locked = 0; /* * Parse the arguments. @@ -2259,16 +2298,17 @@ load_db(argc, argv) return; } } - else - /* - * Initialize the database. - */ - if ((kret = krb5_db_open(kcontext, db5util_db_args, - KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) { - fprintf(stderr, dbinit_err_fmt, - programname, error_message(kret)); - exit_status++; - goto error; + else { + /* + * Initialize the database. + */ + if ((kret = krb5_db_open(kcontext, db5util_db_args, + KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) { + fprintf(stderr, dbinit_err_fmt, + programname, error_message(kret)); + exit_status++; + goto error; + } } 
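Review bot: In the `KRB5_TL_KADM_DATA` branch added to process_k5beta6_record, `kdb_free_entry(NULL, NULL, &osa_princ_ent)` runs only when the decoded record names a policy, so a record that decodes successfully without one is never released. Assuming kdb_free_entry is what frees the decoder's allocations, as its use here suggests, each such principal in the dump leaks whatever xdr_osa_princ_ent_rec allocated. The free should depend on the decode succeeding, not on the policy test. Separately, the bytes come straight from the dump file, yet a failed decode is skipped silently after `KADM5_AUX_ATTRIBUTES` has already been set; following the surrounding `error++; break;` pattern there would stop a damaged dump from loading with an inconsistent mask. The function and the enclosing loop start and end outside this hunk.

```c
/* … unchanged: memset() of osa_princ_ent and xdrmem_create() … */
if (xdr_osa_princ_ent_rec(&xdrs, &osa_princ_ent)) {
    if ((osa_princ_ent.aux_attributes & KADM5_POLICY) &&
        osa_princ_ent.policy != NULL)
        dbentry.mask |= KADM5_POLICY;
    /* release the decoded record whether or not it names a policy */
    kdb_free_entry(NULL, NULL, &osa_princ_ent);
}
xdr_destroy(&xdrs);
```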
@@ -2277,11 +2317,19 @@ load_db(argc, argv) * the update fails. */ if ((kret = krb5_db_lock(kcontext, update?KRB5_DB_LOCKMODE_PERMANENT: KRB5_DB_LOCKMODE_EXCLUSIVE))) { - fprintf(stderr, "%s: %s while permanently locking database\n", - programname, error_message(kret)); - exit_status++; - goto error; + /* + * Ignore a not supported error since there is nothing to do about it + * anyway. + */ + if (kret != KRB5_PLUGIN_OP_NOTSUPP) { + fprintf(stderr, "%s: %s while permanently locking database\n", + programname, error_message(kret)); + exit_status++; + goto error; + } } + else + db_locked = 1; if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name, f, verbose, load)) { @@ -2296,7 +2344,7 @@ load_db(argc, argv) exit_status++; } - if ((kret = krb5_db_unlock(kcontext))) { + if (db_locked && (kret = krb5_db_unlock(kcontext))) { /* change this error? */ fprintf(stderr, dbunlockerr_fmt, programname, dbname, error_message(kret)); @@ -2313,12 +2361,17 @@ load_db(argc, argv) /* close policy db below */ - if (exit_status == 0 - && !update - && (kret = krb5_db_promote(kcontext, db5util_db_args))) { - fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n", - programname, error_message(kret)); - exit_status++; + if (exit_status == 0 && !update) { + kret = krb5_db_promote(kcontext, db5util_db_args); + /* + * Ignore a not supported error since there is nothing to do about it + * anyway. + */ + if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) { + fprintf(stderr, "%s: cannot make newly loaded database live (%s)\n", + programname, error_message(kret)); + exit_status++; + } } error: 
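Review bot: In load_db, a `KRB5_PLUGIN_OP_NOTSUPP` result from `krb5_db_lock` now lets the load continue with `db_locked` left at 0 and nothing printed, so on a back end without a lock operation the operator cannot tell that the load ran unserialised against other writers. The same silent skip is applied to `krb5_db_promote` in the last hunk on this line and to `krb5_db_destroy` in the hunk that follows. I would reword the comment to state the consequence, e.g. `/* Back end has no lock operation: the load proceeds unlocked and relies on the back end for consistency. */`, and print a line saying so when `verbose` is set. The unchanged error text also says "permanently locking" even when `update` is 0 and the exclusive mode was requested. load_db begins and ends outside this hunk.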
@@ -2330,7 +2383,12 @@ error: */ if (!update) { if (exit_status) { - if ((kret = krb5_db_destroy(kcontext, db5util_db_args))) { + kret = krb5_db_destroy(kcontext, db5util_db_args); + /* + * Ignore a not supported error since there is nothing to do about + * it anyway. + */ + if (kret != 0 && kret != KRB5_PLUGIN_OP_NOTSUPP) { fprintf(stderr, dbdelerr_fmt, programname, dbname, error_message(kret)); exit_status++; diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index 9c74fb005..34e8dc047 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c @@ -321,20 +321,20 @@ krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, char *pwd, krb5_keyblock *key ) { - printf("default set master key\n"); + /* printf("default set master key\n"); */ return 0; } krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, krb5_keyblock **key ) { - printf("default get master key\n"); + /* printf("default get master key\n"); */ return 0; } krb5_error_code krb5_def_promote_db (krb5_context kcontext, char *s, char **args) { - printf("default promote_db\n"); - return EINVAL; + /* printf("default promote_db\n"); */ + return KRB5_PLUGIN_OP_NOTSUPP; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index 236ff190b..5aed96237 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -374,9 +374,10 @@ krb5_error_code krb5_ldap_open(krb5_context context, sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); free (oldstr); } - } - /* ignore hash argument. Might have been passed from create */ - else { + } else if (opt && !strcmp(opt, "temporary")) { + /* ignore temporary argument, it is a kdb5_util arg meant for db2 */ + } else { + /* ignore hash argument. Might have been passed from create */ status = EINVAL; krb5_set_error_message (context, status, "unknown option \'%s\'", opt?opt:val); 
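Review bot: On the failure path after `error:`, treating `KRB5_PLUGIN_OP_NOTSUPP` from `krb5_db_destroy` as success means a load that failed part-way leaves the principals already written in place whenever the back end cannot destroy. With the LDAP back end, which the later hunks make ignore the `temporary` argument, that is presumably the live directory. `exit_status` is already non-zero on this branch, so the command still fails, but nothing tells the operator that a partial load remains. A message in the not-supported case would cover it, e.g. `fprintf(stderr, "%s: load failed; entries already written were not removed\n", programname);`. The enclosing block continues past the end of the hunk.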
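Review bot: In kdb_default.c the three debug `printf` calls are commented out rather than deleted, which leaves dead code inside the default master-key and promote stubs. Deleting them and giving each stub a one-line comment saying it is a no-op default would read better. For kdb_def_get_mkey that comment should note that the visible body returns 0 without assigning `*key`, so callers cannot treat success as "key returned". Changing krb5_def_promote_db from `EINVAL` to `KRB5_PLUGIN_OP_NOTSUPP` is what lets load_db skip a missing promote; any other caller that tested for `EINVAL` (none is visible here) would need the same update.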
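Review bot: In krb5_ldap_open the comment `/* ignore hash argument. Might have been passed from create */` now sits inside the final `else`, which ignores nothing: it sets `status = EINVAL` and reports "unknown option". Replace it with something like `/* any other option is rejected */`; the same misplaced comment appears in the krb5_ldap_create hunk in ldap_create.c. The new `temporary` branch could also say what skipping it implies, if that matches the rest of the plugin, e.g. `/* "temporary" is a kdb5_util hint for db2; it is not acted on here, so a load is not staged */`. krb5_ldap_open starts and ends outside this hunk.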
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index d4b73c37b..54f0576ae 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -218,9 +218,10 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); free (oldstr); } - } + } else if (opt && !strcmp(opt, "temporary")) { + /* ignore temporary argument, it is a kdb5_util arg meant for db2 */ + } else { /* ignore hash argument. Might have been passed from create */ - else { status = EINVAL; krb5_set_error_message (context, status, "unknown option \'%s\'", opt?opt:val);