From f72c3ffaca4600d4e75282857ce4dda11106d5e7 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Tue, 21 Jun 2005 01:36:03 +0000 Subject: [PATCH] Novell Database Abstraction Layer merge. Will probably break things. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17258 dc483132-0cff-0310-8789-dd5450dbe970 --- src/ChangeLog | 4 + src/aclocal.m4 | 1 + src/include/krb5/ChangeLog | 8 + src/include/krb5/Makefile.in | 5 +- src/include/krb5/adm.h | 5 - src/include/krb5/adm_proto.h | 4 +- src/include/krb5/kdb.h | 428 ++-- src/include/krb5/stock/ChangeLog | 5 + src/include/krb5/stock/osconf.h | 1 + src/kadmin/cli/ChangeLog | 6 + src/kadmin/cli/Makefile.in | 3 +- src/kadmin/cli/kadmin.c | 192 +- src/kadmin/dbutil/ChangeLog | 13 + src/kadmin/dbutil/Makefile.in | 12 +- src/kadmin/dbutil/dump.c | 245 +- src/kadmin/dbutil/kadm5_create.c | 9 +- src/kadmin/dbutil/kdb5_create.c | 66 +- src/kadmin/dbutil/kdb5_destroy.c | 29 +- src/kadmin/dbutil/kdb5_stash.c | 27 +- src/kadmin/dbutil/kdb5_util.c | 107 +- src/kadmin/dbutil/kdb5_util.h | 5 +- src/kadmin/dbutil/ovload.c | 12 +- src/kadmin/passwd/ChangeLog | 5 + src/kadmin/passwd/kpasswd.c | 1 + src/kadmin/server/ChangeLog | 8 + src/kadmin/server/Makefile.in | 3 +- src/kadmin/server/misc.c | 6 +- src/kadmin/server/ovsec_kadmd.c | 75 +- src/kadmin/server/server_stubs.c | 637 ++++- src/kadmin/testing/util/ChangeLog | 7 + src/kadmin/testing/util/Makefile.in | 15 +- src/kadmin/testing/util/tcl_kadm5.c | 5 +- src/kadmin/testing/util/tcl_ovsec_kadm.c | 3 +- src/kdc/ChangeLog | 6 + src/kdc/Makefile.in | 5 +- src/kdc/main.c | 111 +- src/krb524/ChangeLog | 6 + src/krb524/Makefile.in | 14 +- src/krb524/krb524d.c | 2 +- src/lib/ChangeLog | 7 + src/lib/Makefile.in | 2 +- src/lib/kadm5/ChangeLog | 13 + src/lib/kadm5/Makefile.in | 40 +- src/lib/kadm5/admin.h | 13 +- src/lib/kadm5/admin_xdr.h | 3 + src/lib/kadm5/clnt/ChangeLog | 11 + src/lib/kadm5/clnt/Makefile.in | 47 +- src/lib/kadm5/clnt/client_init.c | 16 +- src/lib/kadm5/clnt/client_principal.c | 20 + src/lib/kadm5/clnt/clnt_policy.c | 24 + src/lib/kadm5/clnt/clnt_privs.c | 15 + src/lib/kadm5/clnt/err_handle.c | 185 ++ src/lib/kadm5/clnt/err_handle.h | 32 + src/lib/kadm5/kadm_err.et | 1 + src/lib/kadm5/kadm_rpc.h | 7 + src/lib/kadm5/kadm_rpc_xdr.c | 92 +- src/lib/kadm5/ovsec_glue.c | 9 +- src/lib/kadm5/server_internal.h | 26 +- src/lib/kadm5/srv/ChangeLog | 15 + src/lib/kadm5/srv/Makefile.in | 140 +- src/lib/kadm5/srv/adb_free.c | 85 - src/lib/kadm5/srv/adb_xdr.c | 44 +- src/lib/kadm5/srv/server_init.c | 131 +- src/lib/kadm5/srv/server_kdb.c | 14 +- src/lib/kadm5/srv/server_misc.c | 19 +- src/lib/kadm5/srv/svr_iters.c | 9 +- src/lib/kadm5/srv/svr_policy.c | 80 +- src/lib/kadm5/srv/svr_principal.c | 300 ++- src/lib/kadm5/unit-test/ChangeLog | 12 + src/lib/kadm5/unit-test/Makefile.in | 11 +- src/lib/kadm5/unit-test/destroy-test.c | 2 +- src/lib/kadm5/unit-test/handle-test.c | 2 +- src/lib/kadm5/unit-test/init-test.c | 2 +- src/lib/kadm5/unit-test/iter-test.c | 2 +- src/lib/kadm5/unit-test/lock-test.c | 38 +- src/lib/kadm5/unit-test/randkey-test.c | 2 +- src/lib/kadm5/unit-test/setkey-test.c | 2 +- src/lib/kdb/ChangeLog | 27 + src/lib/kdb/Makefile.in | 100 +- src/lib/{kadm5 => kdb}/adb_err.et | 0 src/lib/kdb/configure.in | 4 +- src/lib/kdb/decrypt_key.c | 11 +- src/lib/kdb/encrypt_key.c | 13 +- src/lib/kdb/err_handle.c | 193 ++ src/lib/kdb/err_handle.h | 32 + src/lib/kdb/fetch_mkey.c | 182 -- src/lib/kdb/kdb5.c | 2051 +++++++++++++++++ src/lib/kdb/kdb5.h | 219 ++ src/lib/kdb/kdb_cpw.c | 126 +- src/lib/kdb/kdb_db2/ChangeLog | 17 + src/lib/kdb/kdb_db2/Makefile.in | 150 ++ .../srv => kdb/kdb_db2}/adb_openclose.c | 46 +- .../{kadm5/srv => kdb/kdb_db2}/adb_policy.c | 83 +- src/lib/kdb/kdb_db2/configure.in | 22 + src/lib/kdb/kdb_db2/db2_exp.c | 64 + src/lib/kdb/{ => kdb_db2}/kdb_compat.h | 0 src/lib/kdb/{ => kdb_db2}/kdb_db2.c | 672 +++++- src/lib/kdb/{ => kdb_db2}/kdb_db2.h | 138 +- src/lib/kdb/{ => kdb_db2}/kdb_xdr.c | 2 + src/lib/kdb/kdb_db2/kdb_xdr.h | 32 + src/lib/kdb/kdb_db2/libkdb_db2.exports | 1 + src/lib/kdb/kdb_db2/pol_xdr.c | 88 + src/lib/kdb/kdb_db2/policy_db.h | 87 + src/lib/kdb/kdb_default.c | 329 +++ src/lib/kdb/keytab.c | 13 +- src/lib/kdb/libkdb5.exports | 13 + src/lib/kdb/setup_mkey.c | 74 - src/lib/kdb/store_mkey.c | 106 - src/lib/kdb/t_kdb.c | 1091 --------- src/lib/kdb/t_krb5.conf | 29 - src/lib/kdb/verify_mky.c | 81 - src/lib/krb5.saber.source | 18 - src/tests/create/ChangeLog | 6 + src/tests/create/Makefile.in | 3 +- src/tests/create/kdb5_mkdums.c | 8 + src/tests/verify/ChangeLog | 6 + src/tests/verify/Makefile.in | 3 +- src/tests/verify/kdb5_verify.c | 5 +- 118 files changed, 6793 insertions(+), 2921 deletions(-) create mode 100644 src/lib/kadm5/clnt/err_handle.c create mode 100644 src/lib/kadm5/clnt/err_handle.h delete mode 100644 src/lib/kadm5/srv/adb_free.c rename src/lib/{kadm5 => kdb}/adb_err.et (100%) create mode 100644 src/lib/kdb/err_handle.c create mode 100644 src/lib/kdb/err_handle.h delete mode 100644 src/lib/kdb/fetch_mkey.c create mode 100644 src/lib/kdb/kdb5.c create mode 100644 src/lib/kdb/kdb5.h create mode 100644 src/lib/kdb/kdb_db2/ChangeLog create mode 100644 src/lib/kdb/kdb_db2/Makefile.in rename src/lib/{kadm5/srv => kdb/kdb_db2}/adb_openclose.c (89%) rename src/lib/{kadm5/srv => kdb/kdb_db2}/adb_policy.c (82%) create mode 100644 src/lib/kdb/kdb_db2/configure.in create mode 100644 src/lib/kdb/kdb_db2/db2_exp.c rename src/lib/kdb/{ => kdb_db2}/kdb_compat.h (100%) rename src/lib/kdb/{ => kdb_db2}/kdb_db2.c (68%) rename src/lib/kdb/{ => kdb_db2}/kdb_db2.h (58%) rename src/lib/kdb/{ => kdb_db2}/kdb_xdr.c (99%) create mode 100644 src/lib/kdb/kdb_db2/kdb_xdr.h create mode 100644 src/lib/kdb/kdb_db2/libkdb_db2.exports create mode 100644 src/lib/kdb/kdb_db2/pol_xdr.c create mode 100644 src/lib/kdb/kdb_db2/policy_db.h create mode 100644 src/lib/kdb/kdb_default.c delete mode 100644 src/lib/kdb/setup_mkey.c delete mode 100644 src/lib/kdb/store_mkey.c delete mode 100644 src/lib/kdb/t_kdb.c delete mode 100644 src/lib/kdb/t_krb5.conf delete mode 100644 src/lib/kdb/verify_mky.c delete mode 100644 src/lib/krb5.saber.source diff --git a/src/ChangeLog b/src/ChangeLog index 77a2e7d79..3731851e3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2005-06-20 Ken Raeburn + + * aclocal.m4: Novell merge. + 2005-06-14 Ken Raeburn * configure.in: Check for endian.h. diff --git a/src/aclocal.m4 b/src/aclocal.m4 index cc31641b8..f3491d220 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -1229,6 +1229,7 @@ else OBJLISTS=OBJS.ST LIBINSTLIST=install-static DEPLIBEXT=$STLIBEXT + CFLAGS="$CFLAGS -D_KDB5_STATIC_LINK" fi # Check whether to build shared libraries. diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index 8983c767a..c53c92bbf 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,11 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * adm.h: + * adm_proto.h: + * kdb.h: + 2005-05-13 Ken Raeburn * Makefile.in (thisconfigdir, mydir): Updated for configure diff --git a/src/include/krb5/Makefile.in b/src/include/krb5/Makefile.in index d45d9bfbc..1b8490091 100644 --- a/src/include/krb5/Makefile.in +++ b/src/include/krb5/Makefile.in @@ -41,10 +41,13 @@ SYSCONFDIR = @sysconfdir@ LOCALSTATEDIR = @localstatedir@ BINDIR = @bindir@ SBINDIR = @sbindir@ +LIBDIR = @libdir@ + PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \ -e "s+@PREFIX+$(INSTALL_PREFIX)+" \ -e "s+@EXEC_PREFIX+$(INSTALL_EXEC_PREFIX)+" \ -e "s+@BINDIR+$(BINDIR)+" \ + -e "s+@LIBDIR+$(LIBDIR)+" \ -e "s+@SBINDIR+$(SBINDIR)+" \ -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ -e 's+@SYSCONFDIR+$(SYSCONFDIR)+' @@ -66,6 +69,6 @@ clean:: $(RM) osconf.new $(BUILT_HEADERS) clean-unix:: - $(RM) $(ET_HEADERS) autoconf.h autoconf.stamp + $(RM) $(ET_HEADERS) autoconf.stamp clean-windows:: $(RM) osconf.h autoconf.h autoconf.stamp diff --git a/src/include/krb5/adm.h b/src/include/krb5/adm.h index d7238ace5..86798a830 100644 --- a/src/include/krb5/adm.h +++ b/src/include/krb5/adm.h @@ -186,11 +186,6 @@ #define KRB5_ADM_KT_KEY_KEY 4 #define KRB5_ADM_KT_NCOMPS 5 -typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; -} krb5_key_salt_tuple; - /* * Data structure returned by krb5_read_realm_params() */ diff --git a/src/include/krb5/adm_proto.h b/src/include/krb5/adm_proto.h index 76e5effaf..511547903 100644 --- a/src/include/krb5/adm_proto.h +++ b/src/include/krb5/adm_proto.h @@ -44,10 +44,12 @@ typedef struct _krb5_db_entry krb5_db_entry; #if !defined(KRB5_ADM_H__) && !defined(__KADM5_ADMIN_H__) struct ___krb5_realm_params; typedef struct ___krb5_realm_params krb5_realm_params; +#endif /* KRB5_ADM_H__ */ +#ifndef KRB5_KDB5__ struct ___krb5_key_salt_tuple; typedef struct ___krb5_key_salt_tuple krb5_key_salt_tuple; -#endif /* KRB5_ADM_H__ */ +#endif /* KRB5_KDB5__ */ /* * Function prototypes. diff --git a/src/include/krb5/kdb.h b/src/include/krb5/kdb.h index fbe2d21ba..c93ac96c4 100644 --- a/src/include/krb5/kdb.h +++ b/src/include/krb5/kdb.h @@ -140,6 +140,25 @@ typedef struct _krb5_db_entry_new { krb5_key_data * key_data; /* Array */ } krb5_db_entry; +typedef struct _osa_policy_ent_t { + int version; + char *name; + krb5_ui_4 pw_min_life; + krb5_ui_4 pw_max_life; + krb5_ui_4 pw_min_length; + krb5_ui_4 pw_min_classes; + krb5_ui_4 pw_history_num; + krb5_ui_4 policy_refcnt; +} osa_policy_ent_rec, *osa_policy_ent_t; + +typedef void (*osa_adb_iter_policy_func) (void *, osa_policy_ent_t); + +typedef struct __krb5_key_salt_tuple { + krb5_enctype ks_enctype; + krb5_int32 ks_salttype; +} krb5_key_salt_tuple; + + #define KRB5_KDB_MAGIC_NUMBER 0xdbdbdbdb #define KRB5_KDB_V1_BASE_LENGTH 38 @@ -150,6 +169,7 @@ typedef struct _krb5_db_entry_new { #define KRB5_TL_RB1_CHALLENGE 0x0005 #ifdef SECURID #define KRB5_TL_SECURID_STATE 0x0006 +#define KRB5_TL_DB_ARGS 0x7fff #endif /* SECURID */ /* @@ -165,6 +185,7 @@ typedef struct _krb5_db_entry_new { #define KRB5_KDC_MKEY_1 "Enter KDC database master key" #define KRB5_KDC_MKEY_2 "Re-enter KDC database master key to verify" + extern char *krb5_mkey_pwd_prompt1; extern char *krb5_mkey_pwd_prompt2; @@ -194,140 +215,283 @@ extern char *krb5_mkey_pwd_prompt2; (cp)[3] = (unsigned char) (((i32) >> 24) & 0xff); \ } +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 + +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 + +#define KRB5_DB_LOCKMODE_SHARED 0x0001 +#define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002 +#define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004 +#define KRB5_DB_LOCKMODE_PERMANENT 0x0008 + /* libkdb.spec */ -krb5_error_code krb5_db_set_name (krb5_context, char * ); -krb5_error_code krb5_db_init (krb5_context); -krb5_error_code krb5_db_fini (krb5_context); -krb5_error_code krb5_db_get_age (krb5_context, char *, time_t * ); -krb5_error_code krb5_db_create (krb5_context, char *, krb5_int32 ); -krb5_error_code krb5_db_rename (krb5_context, char *, char * ); -krb5_error_code krb5_db_get_principal (krb5_context, krb5_const_principal , - krb5_db_entry *, int *, - krb5_boolean * ); -void krb5_db_free_principal (krb5_context, krb5_db_entry *, int ); -krb5_error_code krb5_db_put_principal (krb5_context, krb5_db_entry *, int * ); -krb5_error_code krb5_db_delete_principal (krb5_context, krb5_const_principal, - int * ); -krb5_error_code krb5_db_iterate (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer); -krb5_error_code krb5_db_iterate_ext (krb5_context, - krb5_error_code (* ) (krb5_pointer, - krb5_db_entry *), - krb5_pointer, int, int); -krb5_error_code krb5_db_verify_master_key (krb5_context, krb5_principal, - krb5_keyblock *); -krb5_error_code krb5_db_store_mkey (krb5_context, char *, krb5_principal, - krb5_keyblock *); - -krb5_error_code krb5_db_setup_mkey_name (krb5_context, const char *, - const char *, char **, - krb5_principal *); - -krb5_error_code krb5_db_set_mkey (krb5_context, krb5_keyblock *); - -krb5_error_code krb5_db_get_mkey (krb5_context, krb5_keyblock **); -krb5_error_code krb5_db_destroy (krb5_context, char * ); -krb5_error_code krb5_db_lock (krb5_context, int ); -krb5_error_code krb5_db_unlock (krb5_context); -krb5_error_code krb5_db_set_nonblocking (krb5_context, krb5_boolean, - krb5_boolean * ); -krb5_boolean krb5_db_set_lockmode (krb5_context, krb5_boolean); -krb5_error_code krb5_db_fetch_mkey (krb5_context, krb5_principal, krb5_enctype, - krb5_boolean, krb5_boolean, char *, - krb5_data *, - krb5_keyblock * ); - -krb5_error_code krb5_db_open_database (krb5_context); -krb5_error_code krb5_db_close_database (krb5_context); - -krb5_error_code krb5_dbekd_encrypt_key_data (krb5_context, - const krb5_keyblock *, - const krb5_keyblock *, - const krb5_keysalt *, - int, - krb5_key_data *); -krb5_error_code krb5_dbekd_decrypt_key_data (krb5_context, - const krb5_keyblock *, - const krb5_key_data *, - krb5_keyblock *, - krb5_keysalt *); -krb5_error_code krb5_dbe_create_key_data (krb5_context, - krb5_db_entry *); -krb5_error_code krb5_dbe_update_tl_data (krb5_context, - krb5_db_entry *, - krb5_tl_data *); -krb5_error_code krb5_dbe_lookup_tl_data (krb5_context, - krb5_db_entry *, - krb5_tl_data *); -krb5_error_code krb5_dbe_update_last_pwd_change (krb5_context, - krb5_db_entry *, - krb5_timestamp); -krb5_error_code krb5_dbe_lookup_last_pwd_change (krb5_context, - krb5_db_entry *, - krb5_timestamp *); -krb5_error_code krb5_dbe_update_mod_princ_data (krb5_context, - krb5_db_entry *, - krb5_timestamp, - krb5_const_principal); -krb5_error_code krb5_dbe_lookup_mod_princ_data (krb5_context, - krb5_db_entry *, - krb5_timestamp *, - krb5_principal *); -int krb5_encode_princ_dbkey (krb5_context, krb5_data *, krb5_const_principal); -void krb5_free_princ_dbkey (krb5_context, krb5_data *); -krb5_error_code krb5_encode_princ_contents (krb5_context, krb5_data *, - krb5_db_entry *); -void krb5_free_princ_contents (krb5_context, krb5_data *); -krb5_error_code krb5_decode_princ_contents (krb5_context, krb5_data *, - krb5_db_entry *); -void krb5_dbe_free_contents (krb5_context, krb5_db_entry *); - -krb5_error_code krb5_dbe_find_enctype (krb5_context, krb5_db_entry *, - krb5_int32, - krb5_int32, - krb5_int32, - krb5_key_data **); - -krb5_error_code krb5_dbe_search_enctype (krb5_context, - krb5_db_entry *, - krb5_int32 *, - krb5_int32, - krb5_int32, - krb5_int32, - krb5_key_data **); - -struct __krb5_key_salt_tuple; - -krb5_error_code krb5_dbe_cpw (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - char *, - int, - krb5_boolean, - krb5_db_entry *); -krb5_error_code krb5_dbe_apw (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - char *, - krb5_db_entry *); -krb5_error_code krb5_dbe_crk (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - krb5_boolean, - krb5_db_entry *); -krb5_error_code krb5_dbe_ark (krb5_context, - krb5_keyblock *, - struct __krb5_key_salt_tuple *, - int, - krb5_db_entry *); - -krb5_error_code krb5_ser_db_context_init (krb5_context); +krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode ); +krb5_error_code krb5_db_init ( krb5_context kcontext ); +krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_inited ( krb5_context kcontext ); +krb5_error_code kdb5_db_create ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_fini ( krb5_context kcontext ); +const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code ); +krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args ); +krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t ); +krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value ); +krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ); +krb5_error_code krb5_db_unlock ( krb5_context kcontext ); +krb5_error_code krb5_db_get_principal ( krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); +krb5_error_code krb5_db_free_principal ( krb5_context kcontext, + krb5_db_entry *entry, + int count ); +krb5_error_code krb5_db_put_principal ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries); +krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, + krb5_principal search_for, + int *nentries ); +krb5_error_code krb5_db_iterate ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); +krb5_error_code krb5_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, + char **realms ); +krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ); +krb5_error_code krb5_db_set_mkey ( krb5_context context, + krb5_keyblock *key); +krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ); +krb5_error_code krb5_db_free_master_key ( krb5_context kcontext, + krb5_keyblock *key ); +krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); +krb5_error_code krb5_db_fetch_mkey ( krb5_context context, + krb5_principal mname, + krb5_enctype etype, + krb5_boolean fromkeyboard, + krb5_boolean twice, + char *db_args, + krb5_data *salt, + krb5_keyblock *key); +krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext, + krb5_principal mprinc, + krb5_keyblock *mkey ); +krb5_error_code +krb5_dbe_find_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + + +krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + +krb5_error_code +krb5_db_setup_mkey_name ( krb5_context context, + const char *keyname, + const char *realm, + char **fullname, + krb5_principal *principal); + +krb5_error_code +krb5_dbekd_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt); + +krb5_error_code +krb5_dbekd_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data); + +krb5_error_code +krb5_dbe_lookup_mod_princ_data( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp * mod_time, + krb5_principal * mod_princ); + +krb5_error_code +krb5_dbe_update_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp stamp); + +krb5_error_code +krb5_dbe_lookup_tl_data( krb5_context context, + krb5_db_entry * entry, + krb5_tl_data * ret_tl_data); + +krb5_error_code +krb5_dbe_create_key_data( krb5_context context, + krb5_db_entry * entry); + + +krb5_error_code +krb5_dbe_update_mod_princ_data( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp mod_date, + krb5_const_principal mod_princ); + +krb5_error_code +krb5_dbe_update_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp stamp); + +void *krb5_db_alloc( krb5_context kcontext, + void *ptr, + size_t size ); + +void krb5_db_free( krb5_context kcontext, + void *ptr); + + +krb5_error_code +krb5_dbe_lookup_last_pwd_change( krb5_context context, + krb5_db_entry * entry, + krb5_timestamp * stamp); + +krb5_error_code +krb5_dbe_update_tl_data( krb5_context context, + krb5_db_entry * entry, + krb5_tl_data * new_tl_data); + +krb5_error_code +krb5_dbe_cpw( krb5_context kcontext, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_dbe_ark( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_dbe_crk( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + krb5_boolean keepold, + krb5_db_entry * db_entry); + +krb5_error_code +krb5_dbe_apw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + krb5_db_entry * db_entry); + + +/* default functions. Should not be directly called */ +/* + * Default functions prototype + */ + +krb5_error_code +krb5_dbe_def_search_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + +krb5_error_code +krb5_def_store_mkey( krb5_context context, + char *keyfile, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); + + +krb5_error_code +krb5_db_def_fetch_mkey( krb5_context context, + krb5_principal mname, + krb5_keyblock *key, + int *kvno, + char *db_args); + +krb5_error_code +krb5_def_verify_master_key( krb5_context context, + krb5_principal mprinc, + krb5_keyblock *mkey); + +krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ); + +krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ); + +krb5_error_code +krb5_dbe_def_cpw( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + + +krb5_error_code +krb5_db_create_policy( krb5_context kcontext, + osa_policy_ent_t policy); + +krb5_error_code +krb5_db_get_policy ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *nentries); + +krb5_error_code +krb5_db_put_policy( krb5_context kcontext, + osa_policy_ent_t policy); + +krb5_error_code +krb5_db_iter_policy( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data); + +krb5_error_code +krb5_db_delete_policy( krb5_context kcontext, + char *policy); + +void +krb5_db_free_policy( krb5_context kcontext, + osa_policy_ent_t policy); + +void krb5_db_clr_error(void); + #define KRB5_KDB_DEF_FLAGS 0 #endif /* !defined(_WIN32) */ diff --git a/src/include/krb5/stock/ChangeLog b/src/include/krb5/stock/ChangeLog index b4fb69db6..34c37656d 100644 --- a/src/include/krb5/stock/ChangeLog +++ b/src/include/krb5/stock/ChangeLog @@ -1,3 +1,8 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * osconf.h: + 2004-07-09 Jeffrey Altman * osconf.h: !!define -> !define diff --git a/src/include/krb5/stock/osconf.h b/src/include/krb5/stock/osconf.h index 6c6c6cd3a..7fff64b96 100644 --- a/src/include/krb5/stock/osconf.h +++ b/src/include/krb5/stock/osconf.h @@ -63,6 +63,7 @@ /* Location of KDC profile */ #define DEFAULT_KDC_PROFILE "@LOCALSTATEDIR/krb5kdc/kdc.conf" #define KDC_PROFILE_ENV "KRB5_KDC_PROFILE" +#define DEFAULT_KDB_LIB_PATH { "/usr/lib/kerbdb", "@LIBDIR/kerbdb", NULL } #define DEFAULT_KDC_ENCTYPE ENCTYPE_DES3_CBC_SHA1 #define KDCRCACHE "dfl:krb5kdc_rcache" diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 1e2ef44f0..d94a55835 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * kadmin.c: + 2005-02-11 Tom Yu * kadmin.c (kadmin_startup): New flag "-N" to prevent fallback to diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in index d1b9b9bf0..992f6ef73 100644 --- a/src/kadmin/cli/Makefile.in +++ b/src/kadmin/cli/Makefile.in @@ -4,6 +4,7 @@ mydir=cli BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread PROG = kadmin OBJS = kadmin.o kadmin_ct.o ss_wrapper.o getdate.o keytab.o @@ -13,7 +14,7 @@ LOCALINCLUDES=-I$(srcdir) all:: $(PROG).local $(PROG) $(PROG).local: $(OBJS) $(SS_DEPLIB) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o $(PROG).local $(OBJS) $(SS_LIB) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(PROG): $(OBJS) $(SS_DEPLIB) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(PROG) $(OBJS) $(SS_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 957659dad..b4a0ee708 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -26,6 +26,7 @@ */ #include +#include #include #include #include @@ -96,9 +97,12 @@ int locked = 0; static void usage() { fprintf(stderr, - "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n" - "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n" - "\tlocal args: [-d dbname] [-e \"enc:salt ...\"] [-m]\n", whoami); + "Usage: %s [-r realm] [-p principal] [-q query] [clnt|local args]\n" + "\tclnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]\n" + "\tlocal args: [-x db_args]* [-d dbname] [-e \"enc:salt ...\"] [-m]\n" + "where,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n", + whoami); exit(1); } @@ -183,6 +187,9 @@ char *kadmin_startup(argc, argv) krb5_ccache cc; krb5_principal princ; kadm5_config_params params; + char **db_args = NULL; + int db_args_size = 0; + char *db_name = NULL; char *svcname; memset((char *) ¶ms, 0, sizeof(params)); @@ -193,8 +200,25 @@ char *kadmin_startup(argc, argv) exit(1); } - while ((optchar = getopt(argc, argv, "r:p:kq:w:d:s:mc:t:e:ON")) != EOF) { + while ((optchar = getopt(argc, argv, "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) { switch (optchar) { + case 'x': + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = optarg; + db_args[db_args_size] = NULL; + break; + case 'r': def_realm = optarg; break; @@ -217,8 +241,33 @@ char *kadmin_startup(argc, argv) query = optarg; break; case 'd': - params.dbname = optarg; - params.mask |= KADM5_CONFIG_DBNAME; + /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ + if( !db_name ) + { + db_name = malloc( strlen(optarg) + sizeof("dbname=")); + } + else + { + db_name = realloc( db_name, strlen(optarg) + sizeof("dbname=")); + } + + strcpy( db_name, "dbname="); + strcat( db_name, optarg ); + + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = db_name; + db_args[db_args_size] = NULL; break; case 's': params.admin_server = optarg; @@ -417,6 +466,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } else if (use_keytab) { if (keytab_name) @@ -430,6 +480,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } else { printf("Authenticating as principal %s with password.\n", @@ -439,6 +490,7 @@ char *kadmin_startup(argc, argv) ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &handle); } if (retval) { @@ -451,6 +503,12 @@ char *kadmin_startup(argc, argv) if (freeprinc) free(princstr); + if( db_name ) + free(db_name), db_name=NULL; + + if( db_args ) + free(db_args), db_args=NULL; + if ((retval = krb5_cc_close(context, cc))) { com_err(whoami, retval, "while closing ccache %s", ccache_name); @@ -588,11 +646,36 @@ void kadmin_cpw(argc, argv) krb5_boolean keepold = FALSE; krb5_key_salt_tuple *ks_tuple = NULL; krb5_principal princ; + char **db_args = NULL; + int db_args_size = 0; + if (argc < 2) { goto usage; } for (argv++, argc--; argc > 1; argc--, argv++) { + if (!strcmp("-x", *argv)) { + argc--; + if( argc < 1 ) { + fprintf( stderr, "change_password: missing db argument\n"); + goto usage; + } + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"change_password: Not enough memory\n"); + free( db_args ), db_args = NULL; + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = *++argv; + db_args[db_args_size] = NULL; + continue; + } if (!strcmp("-pw", *argv)) { argc--; if (argc < 1) { @@ -633,6 +716,7 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while parsing principal name"); if (ks_tuple != NULL) free(ks_tuple); + if( db_args ) free(db_args); return; } retval = krb5_unparse_name(context, princ, &canon); @@ -641,6 +725,7 @@ void kadmin_cpw(argc, argv) krb5_free_principal(context, princ); if (ks_tuple != NULL) free(ks_tuple); + if( db_args ) free(db_args); return; } if (pwarg != NULL) { @@ -657,10 +742,12 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while changing password for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Password for \"%s\" changed.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else if (randkey) { if (keepold || ks_tuple != NULL) { @@ -677,10 +764,12 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while randomizing key for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Key for \"%s\" randomized.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else if (argc == 1) { unsigned int i = sizeof (newpw) - 1; @@ -699,6 +788,7 @@ void kadmin_cpw(argc, argv) if (ks_tuple != NULL) free(ks_tuple); krb5_free_principal(context, princ); + if( db_args ) free(db_args); return; } if (keepold || ks_tuple != NULL) { @@ -716,15 +806,18 @@ void kadmin_cpw(argc, argv) com_err("change_password", retval, "while changing password for \"%s\".", canon); free(canon); + if( db_args ) free(db_args); return; } printf("Password for \"%s\" changed.\n", canon); free(canon); + if( db_args ) free(db_args); return; } else { free(canon); krb5_free_principal(context, princ); usage: + if( db_args ) free(db_args); if (ks_tuple != NULL) free(ks_tuple); fprintf(stderr, @@ -735,6 +828,27 @@ void kadmin_cpw(argc, argv) } } +static void +kadmin_free_tl_data( kadm5_principal_ent_t princ ) +{ + krb5_tl_data *tl_data = princ->tl_data; + int n_tl_data = princ->n_tl_data; + int i; + + princ->n_tl_data = 0; + princ->tl_data = NULL; + + for( i = 0; tl_data && (i < n_tl_data); i++ ) + { + krb5_tl_data *next = tl_data->tl_data_next; + if( tl_data->tl_data_contents ) + free( tl_data->tl_data_contents ); + free( tl_data ); + tl_data = next; + } +} + +#define KRB5_TL_DB_ARGS 0x7fff static int kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, ks_tuple, n_ks_tuple, caller) @@ -752,6 +866,7 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, time_t date; time_t now; krb5_error_code retval; + krb5_tl_data *tl_data, *tail = NULL; *mask = 0; *pass = NULL; @@ -761,6 +876,42 @@ kadmin_parse_princ_args(argc, argv, oprinc, mask, pass, randkey, *randkey = 0; for (i = 1; i < argc - 1; i++) { attrib_set = 0; + if (strlen(argv[i]) == 2 && + !strcmp("-x",argv[i])) { + if (++i > argc - 2) + return -1; + + tl_data = malloc( sizeof(krb5_tl_data) ); + if( tl_data == NULL ) + { + fprintf(stderr, "Not enough memory\n"); + return ENOMEM; + } + + memset( tl_data, 0, sizeof(krb5_tl_data)); + tl_data->tl_data_type = KRB5_TL_DB_ARGS; + tl_data->tl_data_length = strlen(argv[i])+1; + tl_data->tl_data_contents = strdup(argv[i]); + + if( tail ) + { + tail->tl_data_next = tl_data; + } + else + { + oprinc->tl_data = tl_data; + } + tail = tl_data; + oprinc->n_tl_data++; + + if( tl_data->tl_data_contents == NULL ) + { + fprintf(stderr, "Not enough memory\n"); + return ENOMEM; + } + *mask |= KADM5_TL_DATA; + continue; + } if (strlen(argv[i]) == 7 && !strcmp("-expire", argv[i])) { if (++i > argc - 2) @@ -920,12 +1071,14 @@ kadmin_addprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-randkey] [-pw password]\n\t\t[-maxrenewlife maxrenewlife]\n\t\t[-e keysaltlist]\n\t\t[{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n", - "\t\trequires_hwauth needchange allow_svr password_changing_service\n"); + "\t\trequires_hwauth needchange allow_svr password_changing_service\n" + "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n"); } static void @@ -934,12 +1087,15 @@ kadmin_modprinc_usage(func) { fprintf(stderr, "usage: %s [options] principal\n", func); fprintf(stderr, "\toptions are:\n"); - fprintf(stderr, "\t\t[-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); + fprintf(stderr, "\t\t[-x db_princ_args]* [-expire expdate] [-pwexpire pwexpdate] [-maxlife maxtixlife]\n\t\t[-kvno kvno] [-policy policy] [-clearpolicy]\n\t\t[-maxrenewlife maxrenewlife] [{+|-}attribute]\n"); fprintf(stderr, "\tattributes are:\n"); fprintf(stderr, "%s%s%s", "\t\tallow_postdated allow_forwardable allow_tgs_req allow_renewable\n", "\t\tallow_proxiable allow_dup_skey allow_tix requires_preauth\n", - "\t\trequires_hwauth needchange allow_svr password_changing_service\n"); + "\t\trequires_hwauth needchange allow_svr password_changing_service\n" + "\nwhere,\n\t[-x db_princ_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n" + ); } void kadmin_addprinc(argc, argv) @@ -970,7 +1126,8 @@ void kadmin_addprinc(argc, argv) &princ, &mask, &pass, &randkey, &ks_tuple, &n_ks_tuple, "add_principal")) { - kadmin_addprinc_usage("add_principal"); + kadmin_addprinc_usage("add_principal"); + kadmin_free_tl_data( &princ ); /* need to free ks_tuple also??? */ return; } @@ -981,6 +1138,7 @@ void kadmin_addprinc(argc, argv) krb5_free_principal(context, princ.principal); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } @@ -1025,6 +1183,7 @@ void kadmin_addprinc(argc, argv) "while reading password for \"%s\".", canon); free(canon); krb5_free_principal(context, princ.principal); + kadmin_free_tl_data( &princ ); return; } pass = newpw; @@ -1043,6 +1202,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } if (randkey) { /* more special stuff for -randkey */ @@ -1062,6 +1222,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } princ.attributes &= ~KRB5_KDB_DISALLOW_ALL_TIX; /* clear notix */ @@ -1074,6 +1235,7 @@ void kadmin_addprinc(argc, argv) free(canon); if (ks_tuple != NULL) free(ks_tuple); + kadmin_free_tl_data( &princ ); return; } } @@ -1082,6 +1244,8 @@ void kadmin_addprinc(argc, argv) if (ks_tuple != NULL) free(ks_tuple); free(canon); + kadmin_free_tl_data( &princ ); + } void kadmin_modprinc(argc, argv) @@ -1137,17 +1301,20 @@ void kadmin_modprinc(argc, argv) free(ks_tuple); kadmin_modprinc_usage("modify_principal"); free(canon); + kadmin_free_tl_data(&princ); return; } if (retval) { kadmin_modprinc_usage("modify_principal"); free(canon); + kadmin_free_tl_data(&princ); return; } if (randkey) { fprintf(stderr, "modify_principal: -randkey not allowed\n"); krb5_free_principal(context, princ.principal); free(canon); + kadmin_free_tl_data(&princ); return; } if (pass) { @@ -1155,6 +1322,7 @@ void kadmin_modprinc(argc, argv) "modify_principal: -pw not allowed; use change_password\n"); krb5_free_principal(context, princ.principal); free(canon); + kadmin_free_tl_data(&princ); return; } retval = kadm5_modify_principal(handle, &princ, mask); @@ -1163,9 +1331,11 @@ void kadmin_modprinc(argc, argv) com_err("modify_principal", retval, "while modifying \"%s\".", canon); free(canon); + kadmin_free_tl_data(&princ); return; } printf("Principal \"%s\" modified.\n", canon); + kadmin_free_tl_data(&princ); free(canon); } diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index 374052d4f..dae3be477 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,16 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * dump.c: + * kadm5_create.c: + * kdb5_create.c: + * kdb5_destroy.c: + * kdb5_stash.c: + * kdb5_util.c: + * kdb5_util.h: + * ovload.c: + 2004-08-27 Ken Raeburn * loadv4.c (enter_in_v5_db): Terminate argument list of diff --git a/src/kadmin/dbutil/Makefile.in b/src/kadmin/dbutil/Makefile.in index 34569f23d..6f1fae627 100644 --- a/src/kadmin/dbutil/Makefile.in +++ b/src/kadmin/dbutil/Makefile.in @@ -6,16 +6,20 @@ DEFINES = -DKDB4_DISABLE LOCALINCLUDES = -I. @KRB4_INCLUDES@ PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread PROG = kdb5_util -OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ - kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ - kdb5_destroy.o ovload.o import_err.o strtok.o +###OBJS = kdb5_util.o dump.o dumpv4.o loadv4.o \ +### kdb5_create.o kadm5_create.o string_table.o kdb5_stash.o \ +### kdb5_destroy.o ovload.o import_err.o strtok.o +### + +OBJS = kdb5_util.o kdb5_create.o kadm5_create.o string_table.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o dump.o ovload.o all:: $(PROG) $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB4COMPAT_LIBS) import_err.c import_err.h: $(srcdir)/import_err.et diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 8dee427c7..74f2cde68 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -30,7 +30,8 @@ #include #include #include -#include +#include +#include #include #include "kdb5_util.h" #if defined(HAVE_REGEX_H) && defined(HAVE_REGCOMP) @@ -91,15 +92,15 @@ typedef krb5_error_code (*dump_func)(krb5_pointer, krb5_db_entry *); static int process_k5beta_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_k5beta6_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_k5beta7_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); static int process_ov_record (char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); typedef krb5_error_code (*load_func)(char *, krb5_context, - FILE *, int, int *, void *); + FILE *, int, int *); typedef struct _dump_version { char *name; @@ -145,7 +146,7 @@ dump_version ov_version = { 1, dump_ov_princ, dump_k5beta7_policy, - process_ov_record, + process_ov_record }; dump_version r1_3_version = { @@ -960,7 +961,7 @@ static krb5_error_code dump_ov_princ(krb5_pointer ptr, krb5_db_entry *kdb) tl_data.tl_data_length, XDR_DECODE); if (! xdr_osa_princ_ent_rec(&xdrs, &adb)) { xdr_destroy(&xdrs); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } xdr_destroy(&xdrs); @@ -1021,7 +1022,6 @@ dump_db(argc, argv) dump_version *dump; int aindex; krb5_boolean locked; - extern osa_adb_policy_t policy_db; char *new_mkey_file = 0; /* @@ -1080,7 +1080,7 @@ dump_db(argc, argv) * Make sure the database is open. The policy database only has * to be opened if we try a dump that uses it. */ - if (!dbactive || (dump->dump_policy != NULL && policy_db == NULL)) { + if (!dbactive) { com_err(argv[0], 0, Err_no_database); exit_status++; return; @@ -1174,17 +1174,17 @@ dump_db(argc, argv) if (dump->header[strlen(dump->header)-1] != '\n') fputc('\n', arglist.ofile); - if ((kret = krb5_db_iterate_ext(util_context, - dump->dump_princ, - (krb5_pointer) &arglist, - backwards, recursive))) { + if ((kret = krb5_db_iterate(util_context, + NULL, + dump->dump_princ, + (krb5_pointer) &arglist))) { /* TBD: backwards and recursive not supported */ fprintf(stderr, dumprec_err, programname, dump->name, error_message(kret)); exit_status++; } if (dump->dump_policy && - (kret = osa_adb_iter_policy(policy_db, dump->dump_policy, - &arglist))) { + (kret = krb5_db_iter_policy( util_context, "*", dump->dump_policy, + &arglist))) { fprintf(stderr, dumprec_err, programname, dump->name, error_message(kret)); exit_status++; @@ -1363,13 +1363,12 @@ update_tl_data(kcontext, dbentp, mod_name, mod_date, last_pwd_change) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nmatched; int retval; @@ -1664,13 +1663,12 @@ process_k5beta_record(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta6_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta6_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int retval; krb5_db_entry dbentry; @@ -1948,9 +1946,9 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db) return 1; } - if ((ret = osa_adb_create_policy(pol_db, &rec))) { - if (ret == OSA_ADB_DUP && - ((ret = osa_adb_put_policy(pol_db, &rec)))) { + if ((ret = krb5_db_create_policy(kcontext, &rec))) { + if (ret && + ((ret = krb5_db_put_policy(kcontext, &rec)))) { fprintf(stderr, "cannot create policy on line %d: %s\n", *linenop, error_message(ret)); return 1; @@ -1968,13 +1966,12 @@ process_k5beta7_policy(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_k5beta7_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nread; char rectype[100]; @@ -1986,10 +1983,10 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) return 1; if (strcmp(rectype, "princ") == 0) process_k5beta6_record(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "policy") == 0) process_k5beta7_policy(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else { fprintf(stderr, "unknown record type \"%s\" on line %d\n", rectype, *linenop); @@ -2005,13 +2002,12 @@ process_k5beta7_record(fname, kcontext, filep, verbose, linenop, pol_db) * Returns -1 for end of file, 0 for success and 1 for failure. */ static int -process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) +process_ov_record(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { int nread; char rectype[100]; @@ -2023,10 +2019,10 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) return 1; if (strcmp(rectype, "princ") == 0) process_ov_principal(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "policy") == 0) process_k5beta7_policy(fname, kcontext, filep, verbose, - linenop, pol_db); + linenop); else if (strcmp(rectype, "End") == 0) return -1; else { @@ -2042,14 +2038,13 @@ process_ov_record(fname, kcontext, filep, verbose, linenop, pol_db) * restore_dump() - Restore the database from any version dump file. */ static int -restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db) +restore_dump(programname, kcontext, dumpfile, f, verbose, dump) char *programname; krb5_context kcontext; char *dumpfile; FILE *f; int verbose; dump_version *dump; - osa_adb_policy_t pol_db; { int error; int lineno; @@ -2064,8 +2059,7 @@ restore_dump(programname, kcontext, dumpfile, f, verbose, dump, pol_db) kcontext, f, verbose, - &lineno, - pol_db))) + &lineno))) ; if (error != -1) fprintf(stderr, err_line_fmt, programname, lineno, dumpfile); @@ -2085,7 +2079,6 @@ load_db(argc, argv) char **argv; { kadm5_config_params newparams; - osa_adb_policy_t tmppol_db; krb5_error_code kret; krb5_context kcontext; FILE *f; @@ -2115,7 +2108,6 @@ load_db(argc, argv) crflags = KRB5_KDB_CREATE_BTREE; exit_status = 0; dbname_tmp = (char *) NULL; - tmppol_db = NULL; for (aindex = 1; aindex < argc; aindex++) { if (!strcmp(argv[aindex], oldoption)) load = &old_version; @@ -2130,7 +2122,21 @@ load_db(argc, argv) else if (!strcmp(argv[aindex], updateoption)) update = 1; else if (!strcmp(argv[aindex], hashoption)) - crflags = KRB5_KDB_CREATE_HASH; + { + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = "hash=true"; + db5util_db_args[db5util_db_args_size] = NULL; + } else break; } @@ -2159,6 +2165,14 @@ load_db(argc, argv) return; } + if( (kret = krb5_set_default_realm(kcontext, util_context->default_realm)) ) + { + fprintf(stderr, "%s: Unable to set the default realm\n", programname); + free(dbname_tmp); + exit_status++; + return; + } + /* * Open the dumpfile */ @@ -2221,7 +2235,7 @@ load_db(argc, argv) /* * Cons up params for the new databases. If we are not in update - * mode use a temp name that we'll rename later. + * mode, we dont create tmp file and then move it to final place. As it is dependent on DB type, this is not done */ newparams = global_params; if (! update) { @@ -2238,105 +2252,67 @@ load_db(argc, argv) } /* - * If not an update restoration, create the temp database. Always - * create a temp policy db, even if we are not loading a dump file - * with policy info, because they may be loading an old dump - * intending to use it with the new kadm5 system. + * If not an update restoration, create the database. otherwise open */ - if (!update && ((kret = krb5_db_create(kcontext, dbname_tmp, crflags)))) { - fprintf(stderr, dbcreaterr_fmt, - programname, dbname_tmp, error_message(kret)); - exit_status++; - kadm5_free_config_params(kcontext, &newparams); - if (dumpfile) fclose(f); - return; - } - if (!update && (kret = osa_adb_create_policy_db(&newparams))) { - fprintf(stderr, "%s: %s while creating policy database\n", - programname, error_message(kret)); - exit_status++; - kadm5_free_config_params(kcontext, &newparams); - if (dumpfile) fclose(f); - return; + if (!update) { + if((kret = krb5_db_create(kcontext, db5util_db_args))) { + fprintf(stderr, dbcreaterr_fmt, + programname, dbname, error_message(kret)); + exit_status++; + kadm5_free_config_params(kcontext, &newparams); + if (dumpfile) fclose(f); + return; + } } - + else /* - * Point ourselves at the new databases. + * Initialize the database. */ - if ((kret = krb5_db_set_name(kcontext, - (update) ? dbname : dbname_tmp))) { - fprintf(stderr, dbname_err_fmt, - programname, - (update) ? dbname : dbname_tmp, error_message(kret)); - exit_status++; - goto error; - } - if ((kret = osa_adb_open_policy(&tmppol_db, &newparams))) { - fprintf(stderr, "%s: %s while opening policy database\n", - programname, error_message(kret)); - exit_status++; - goto error; + if ((kret = krb5_db_open(kcontext, db5util_db_args, KRB5_KDB_OPEN_RW))) { + fprintf(stderr, dbinit_err_fmt, + programname, error_message(kret)); + exit_status++; + goto error; } + + /* * If an update restoration, make sure the db is left unusable if * the update fails. */ - if (update) { - if ((kret = osa_adb_get_lock(tmppol_db, OSA_ADB_PERMANENT))) { - fprintf(stderr, "%s: %s while permanently locking database\n", - programname, error_message(kret)); - exit_status++; - goto error; - } - } - - /* - * Initialize the database. - */ - if ((kret = krb5_db_init(kcontext))) { - fprintf(stderr, dbinit_err_fmt, - programname, error_message(kret)); - exit_status++; - goto error; - } - /* - * grab an extra lock, since there are no other users - */ - if (!update) { - kret = krb5_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE); - if (kret) { - fprintf(stderr, dblock_err_fmt, - programname, error_message(kret)); - exit_status++; - goto error; - } + if ((kret = krb5_db_lock(kcontext, update?KRB5_DB_LOCKMODE_PERMANENT: KRB5_DB_LOCKMODE_EXCLUSIVE))) { + fprintf(stderr, "%s: %s while permanently locking database\n", + programname, error_message(kret)); + exit_status++; + goto error; } if (restore_dump(programname, kcontext, (dumpfile) ? dumpfile : stdin_name, - f, verbose, load, tmppol_db)) { + f, verbose, load)) { fprintf(stderr, restfail_fmt, programname, load->name); exit_status++; } - if (!update && (kret = krb5_db_unlock(kcontext))) { + if (!update && load->create_kadm5 && + ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) { + /* error message printed by create_magic_princs */ + exit_status++; + } + + if ((kret = krb5_db_unlock(kcontext))) { /* change this error? */ fprintf(stderr, dbunlockerr_fmt, - programname, dbname_tmp, error_message(kret)); + programname, dbname, error_message(kret)); exit_status++; } + if ((kret = krb5_db_fini(kcontext))) { fprintf(stderr, close_err_fmt, programname, error_message(kret)); exit_status++; } - if (!update && load->create_kadm5 && - ((kret = kadm5_create_magic_princs(&newparams, kcontext)))) { - /* error message printed by create_magic_princs */ - exit_status++; - } - /* close policy db below */ error: @@ -2348,54 +2324,11 @@ error: */ if (!update) { if (exit_status) { - if ((kret = krb5_db_destroy(kcontext, dbname_tmp))) { + if ((kret = krb5_db_destroy(kcontext, db5util_db_args))) { fprintf(stderr, dbdelerr_fmt, - programname, dbname_tmp, error_message(kret)); - exit_status++; - } - if ((kret = osa_adb_destroy_policy_db(&newparams))) { - fprintf(stderr, "%s: %s while destroying policy database\n", - programname, error_message(kret)); - exit_status++; - } - } - else { - if ((kret = krb5_db_rename(kcontext, - dbname_tmp, - dbname))) { - fprintf(stderr, dbrenerr_fmt, - programname, dbname_tmp, dbname, - error_message(kret)); - exit_status++; - } - - if ((kret = osa_adb_close_policy(tmppol_db))) { - fprintf(stderr, close_err_fmt, - programname, error_message(kret)); + programname, dbname, error_message(kret)); exit_status++; } - - if ((kret = osa_adb_rename_policy_db(&newparams, - &global_params))) { - fprintf(stderr, - "%s: %s while renaming policy db %s to %s\n", - programname, error_message(kret), - newparams.admin_dbname, - global_params.admin_dbname); - exit_status++; - } - } - } else /* update */ { - if (! exit_status && ((kret = osa_adb_release_lock(tmppol_db)))) { - fprintf(stderr, "%s: %s while releasing permanent lock\n", - programname, error_message(kret)); - exit_status++; - } - - if (tmppol_db && ((kret = osa_adb_close_policy(tmppol_db)))) { - fprintf(stderr, close_err_fmt, - programname, error_message(kret)); - exit_status++; } } diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index 9ed6459e0..a9a9df0cd 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -35,7 +35,8 @@ #include #include #include -#include +#include +#include #include #include @@ -85,11 +86,6 @@ int kadm5_create(kadm5_config_params *params) return 1; } - if ((retval = osa_adb_create_policy_db(&lparams))) { - com_err(progname, retval, str_CREATING_POLICY_DB); - return 1; - } - retval = kadm5_create_magic_princs(&lparams, context); kadm5_free_config_params(context, &lparams); @@ -110,6 +106,7 @@ int kadm5_create_magic_princs(kadm5_config_params *params, if ((retval = kadm5_init(progname, NULL, NULL, params, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db5util_db_args, &handle))) { com_err(progname, retval, "while initializing the Kerberos admin interface"); return retval; diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index 2c05c2744..5bd337e47 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -55,8 +55,9 @@ #include #include +#include +#include #include -#include #include #include "kdb5_util.h" @@ -145,7 +146,6 @@ extern char *mkey_password; extern char *progname; extern int exit_status; -extern osa_adb_policy_t policy_db; extern kadm5_config_params global_params; extern krb5_context util_context; @@ -160,7 +160,6 @@ void kdb5_create(argc, argv) char *pw_str = 0; unsigned int pw_size = 0; int do_stash = 0; - krb5_int32 crflags = KRB5_KDB_CREATE_BTREE; krb5_data pwd, seed; if (strrchr(argv[0], '/')) @@ -172,7 +171,19 @@ void kdb5_create(argc, argv) do_stash++; break; case 'h': - crflags = KRB5_KDB_CREATE_HASH; + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = "hash=true"; + db5util_db_args[db5util_db_args_size] = NULL; case '?': default: usage(); @@ -187,16 +198,6 @@ void kdb5_create(argc, argv) rblock.nkslist = global_params.num_keysalts; rblock.kslist = global_params.keysalts; - retval = krb5_db_set_name(util_context, global_params.dbname); - if (!retval) retval = EEXIST; - - if (retval == EEXIST || retval == EACCES || retval == EPERM) { - /* it exists ! */ - com_err(argv[0], 0, "The database '%s' appears to already exist", - global_params.dbname); - exit_status++; return; - } - printf ("Loading random data\n"); retval = krb5_c_random_os_entropy (util_context, 1, NULL); if (retval) { @@ -267,26 +268,20 @@ master key name '%s'\n", exit_status++; return; } if ((retval = krb5_db_create(util_context, - global_params.dbname, crflags))) { + db5util_db_args))) { com_err(argv[0], retval, "while creating database '%s'", global_params.dbname); exit_status++; return; } - if ((retval = krb5_db_fini(util_context))) { - com_err(argv[0], retval, "while closing current database"); - exit_status++; return; - } - if ((retval = krb5_db_set_name(util_context, global_params.dbname))) { - com_err(argv[0], retval, "while setting active database to '%s'", - global_params.dbname); - exit_status++; return; - } - if ((retval = krb5_db_init(util_context))) { - com_err(argv[0], retval, "while initializing the database '%s'", - global_params.dbname); - exit_status++; return; - } - +/* if ((retval = krb5_db_fini(util_context))) { */ +/* com_err(argv[0], retval, "while closing current database"); */ +/* exit_status++; return; */ +/* } */ +/* if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { */ +/* com_err(argv[0], retval, "while initializing the database '%s'", */ +/* global_params.dbname); */ +/* exit_status++; return; */ +/* } */ if ((retval = add_principal(util_context, master_princ, MASTER_KEY, &rblock)) || (retval = add_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) { (void) krb5_db_fini(util_context); @@ -298,10 +293,11 @@ master key name '%s'\n", * it; delete the file below if it was not requested. DO NOT EXIT * BEFORE DELETING THE KEYFILE if do_stash is not set. */ - retval = krb5_db_store_mkey(util_context, - global_params.stash_file, - master_princ, - &master_keyblock); + retval = krb5_db_store_master_key(util_context, + global_params.stash_file, + master_princ, + &master_keyblock, + mkey_password); if (retval) { com_err(argv[0], errno, "while storing key"); printf("Warning: couldn't stash master key.\n"); @@ -440,6 +436,6 @@ add_principal(context, princ, op, pblock) retval = krb5_db_put_principal(context, &entry, &nentries); error_out:; - krb5_dbe_free_contents(context, &entry); + krb5_db_free_principal(context, &entry, 1); return retval; } diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c index 2545bdb5d..ea1011b40 100644 --- a/src/kadmin/dbutil/kdb5_destroy.c +++ b/src/kadmin/dbutil/kdb5_destroy.c @@ -33,7 +33,7 @@ #include #include "com_err.h" #include -#include +#include #include "kdb5_util.h" extern int exit_status; @@ -53,12 +53,23 @@ kdb5_destroy(argc, argv) int optchar; char *dbname; char buf[5]; - krb5_error_code retval, retval1, retval2; + krb5_error_code retval1; krb5_context context; int force = 0; - krb5_init_context(&context); + retval1 = krb5_init_context(&context); + if( retval1 ) + { + com_err(argv[0], retval1, "while initializing krb5_context"); + exit(1); + } + if ((retval1 = krb5_set_default_realm(context, + util_context->default_realm))) { + com_err(argv[0], retval1, "while setting default realm name"); + exit(1); + } + if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; @@ -89,21 +100,11 @@ kdb5_destroy(argc, argv) printf("OK, deleting database '%s'...\n", dbname); } - retval = krb5_db_set_name(context, dbname); - if (retval) { - com_err(argv[0], retval, "'%s'",dbname); - exit_status++; return; - } - retval1 = krb5_db_destroy(context, dbname); - retval2 = osa_adb_destroy_policy_db(&global_params); + retval1 = krb5_db_destroy(context, db5util_db_args); if (retval1) { com_err(argv[0], retval1, "deleting database '%s'",dbname); exit_status++; return; } - if (retval2) { - com_err(argv[0], retval2, "destroying policy database"); - exit_status++; return; - } dbactive = FALSE; printf("** Database '%s' destroyed.\n", dbname); diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c index 6d7251541..09bea2151 100644 --- a/src/kadmin/dbutil/kdb5_stash.c +++ b/src/kadmin/dbutil/kdb5_stash.c @@ -85,10 +85,18 @@ kdb5_stash(argc, argv) if (strrchr(argv[0], '/')) argv[0] = strrchr(argv[0], '/')+1; - /* Tell upwards to close the policy db cause we don't */ - close_policy_db = 1; + retval = krb5_init_context(&context); + if( retval ) + { + com_err(argv[0], retval, "while initializing krb5_context"); + exit(1); + } - krb5_init_context(&context); + if ((retval = krb5_set_default_realm(context, + util_context->default_realm))) { + com_err(argv[0], retval, "while setting default realm name"); + exit(1); + } dbname = global_params.dbname; realm = global_params.realm; @@ -118,13 +126,6 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_set_name(context, dbname); - if (retval) { - com_err(argv[0], retval, "while setting active database to '%s'", - dbname); - exit_status++; return; - } - /* assemble & parse the master key name */ retval = krb5_db_setup_mkey_name(context, mkey_name, realm, &mkey_fullname, &master_princ); @@ -133,7 +134,7 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_init(context); + retval = krb5_db_open(context, db5util_db_args, KRB5_KDB_OPEN_RW); if (retval) { com_err(argv[0], retval, "while initializing the database '%s'", dbname); @@ -159,8 +160,8 @@ kdb5_stash(argc, argv) exit_status++; return; } - retval = krb5_db_store_mkey(context, keyfile, master_princ, - &master_keyblock); + retval = krb5_db_store_master_key(context, keyfile, master_princ, + &master_keyblock, NULL); if (retval) { com_err(argv[0], errno, "while storing key"); memset((char *)master_keyblock.contents, 0, master_keyblock.length); diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 524976867..a95dff702 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -57,7 +57,6 @@ #include #include #include -#include #include #include "kdb5_util.h" @@ -76,13 +75,12 @@ char *mkey_password = 0; int exit_status = 0; krb5_context util_context; -osa_adb_policy_t policy_db; kadm5_config_params global_params; void usage() { fprintf(stderr, "Usage: " - "kdb5_util [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n" + "kdb5_util [-x db_args]* [-r realm] [-d dbname] [-k mkeytype] [-M mkeyname]\n" "\t [-sf stashfilename] [-m] cmd [cmd_options]\n" "\tcreate [-s]\n" "\tdestroy [-f]\n" @@ -91,9 +89,9 @@ void usage() "\t [-mkey_convert] [-new_mkey_file mkey_file]\n" "\t [-rev] [-recurse] [filename [princs...]]\n" "\tload [-old] [-ov] [-b6] [-verbose] [-update] filename\n" - "\tdump_v4 [-S] [filename]\n" - "\tload_v4 [-S] [-t] [-n] [-v] [-K] [-s stashfile] inputfile\n" - "\tark [-e etype_list] principal\n"); + "\tark [-e etype_list] principal\n" + "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n"); exit(1); } @@ -101,7 +99,6 @@ extern krb5_keyblock master_keyblock; extern krb5_principal master_princ; krb5_db_entry master_entry; int valid_master_key = 0; -int close_policy_db = 0; char *progname; krb5_boolean manual_mkey = FALSE; @@ -123,8 +120,8 @@ struct _cmd_table { {"stash", kdb5_stash, 1}, {"dump", dump_db, 1}, {"load", load_db, 0}, - {"dump_v4", dump_v4db, 1}, - {"load_v4", load_v4db, 0}, +/* {"dump_v4", dump_v4db, 1}, */ +/* {"load_v4", load_v4db, 0}, */ {"ark", add_random_key, 1}, {NULL, NULL, 0}, }; @@ -144,6 +141,9 @@ static struct _cmd_table *cmd_lookup(name) } #define ARG_VAL (--argc > 0 ? (koptarg = *(++argv)) : (char *)(usage(), NULL)) + +char **db5util_db_args = NULL; +int db5util_db_args_size = 0; int main(argc, argv) int argc; @@ -151,6 +151,7 @@ int main(argc, argv) { struct _cmd_table *cmd = NULL; char *koptarg, **cmd_argv; + char *db_name_tmp = NULL; int cmd_argc; krb5_error_code retval; @@ -159,7 +160,8 @@ int main(argc, argv) com_err (progname, retval, "while initializing Kerberos code"); exit(1); } - initialize_adb_error_table(); + +/* initialize_adb_error_table(); */ progname = (strrchr(argv[0], '/') ? strrchr(argv[0], '/')+1 : argv[0]); @@ -179,6 +181,47 @@ int main(argc, argv) } else if (strcmp(*argv, "-d") == 0 && ARG_VAL) { global_params.dbname = koptarg; global_params.mask |= KADM5_CONFIG_DBNAME; + + db_name_tmp = malloc( strlen(global_params.dbname) + sizeof("dbname=")); + if( db_name_tmp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments"); + exit(1); + } + + strcpy( db_name_tmp, "dbname="); + strcat( db_name_tmp, global_params.dbname ); + + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = db_name_tmp; + db5util_db_args[db5util_db_args_size] = NULL; + + } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) { + db5util_db_args_size++; + { + char **temp = realloc( db5util_db_args, sizeof(char*) * (db5util_db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db5util_db_args = temp; + } + db5util_db_args[db5util_db_args_size-1] = koptarg; + db5util_db_args[db5util_db_args_size] = NULL; + } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) { global_params.realm = koptarg; global_params.mask |= KADM5_CONFIG_REALM; @@ -217,6 +260,18 @@ int main(argc, argv) if (cmd_argv[0] == NULL) usage(); + if( !util_context->default_realm ) + { + char *temp = NULL; + retval = krb5_get_default_realm(util_context, &temp); + if( retval ) + { + com_err (progname, retval, "while getting default realm"); + exit(1); + } + util_context->default_realm = temp; + } + retval = kadm5_get_config_params(util_context, NULL, NULL, &global_params, &global_params); if (retval) { @@ -243,9 +298,12 @@ int main(argc, argv) (*cmd->func)(cmd_argc, cmd_argv); - if(close_policy_db) { - (void) osa_adb_close_policy(policy_db); - } + if( db_name_tmp ) + free( db_name_tmp ); + + if( db5util_db_args ) + free(db5util_db_args); + kadm5_free_config_params(util_context, &global_params); krb5_free_context(util_context); return exit_status; @@ -307,22 +365,11 @@ static int open_db_and_mkey() dbactive = FALSE; valid_master_key = 0; - if ((retval = krb5_db_set_name(util_context, global_params.dbname))) { - com_err(progname, retval, "while setting active database to '%s'", - global_params.dbname); - exit_status++; - return(1); - } - if ((retval = krb5_db_init(util_context))) { + if ((retval = krb5_db_open(util_context, db5util_db_args, KRB5_KDB_OPEN_RW))) { com_err(progname, retval, "while initializing database"); exit_status++; return(1); } - if ((retval = osa_adb_open_policy(&policy_db, &global_params))) { - com_err(progname, retval, "opening policy database"); - exit_status++; - return (1); - } /* assemble & parse the master key name */ @@ -497,7 +544,7 @@ add_random_key(argc, argv) } if (more) { fprintf(stderr, "principal %s not unique\n", pr_str); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } @@ -523,7 +570,7 @@ add_random_key(argc, argv) free(keysalts); if (ret) { com_err(me, ret, "while randomizing principal %s", pr_str); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } @@ -531,19 +578,19 @@ add_random_key(argc, argv) ret = krb5_timeofday(util_context, &now); if (ret) { com_err(me, ret, "while getting time"); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } ret = krb5_dbe_update_last_pwd_change(util_context, &dbent, now); if (ret) { com_err(me, ret, "while setting changetime"); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); exit_status++; return; } ret = krb5_db_put_principal(util_context, &dbent, &n); - krb5_dbe_free_contents(util_context, &dbent); + krb5_db_free_principal(util_context, &dbent, 1); if (ret) { com_err(me, ret, "while saving principal %s", pr_str); exit_status++; diff --git a/src/kadmin/dbutil/kdb5_util.h b/src/kadmin/dbutil/kdb5_util.h index c63ca0371..bb6b0ac64 100644 --- a/src/kadmin/dbutil/kdb5_util.h +++ b/src/kadmin/dbutil/kdb5_util.h @@ -40,6 +40,8 @@ extern krb5_context util_context; extern kadm5_config_params global_params; extern int valid_master_key; extern krb5_db_entry master_db; +extern char **db5util_db_args; +extern int db5util_db_args_size; extern void usage(void); @@ -67,8 +69,7 @@ extern int kadm5_create_magic_princs (kadm5_config_params *params, extern int process_ov_principal (char *fname, krb5_context kcontext, FILE *filep, int verbose, - int *linenop, - void *pol_db); + int *linenop); extern void load_db (int argc, char **argv); extern void dump_db (int argc, char **argv); diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c index 15978f8a3..f4338bc90 100644 --- a/src/kadmin/dbutil/ovload.c +++ b/src/kadmin/dbutil/ovload.c @@ -5,7 +5,10 @@ #include #endif -#include +#include +#include +#include +#include #include "import_err.h" #include "kdb5_util.h" #include "nstrtok.h" @@ -92,17 +95,16 @@ done: * [modifies] * */ -int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db) +int process_ov_principal(fname, kcontext, filep, verbose, linenop) char *fname; krb5_context kcontext; FILE *filep; int verbose; int *linenop; - void *pol_db; { XDR xdrs; osa_princ_ent_t rec; - osa_adb_ret_t ret; + krb5_error_code ret; krb5_tl_data tl_data; krb5_principal princ; krb5_db_entry kdb; @@ -177,7 +179,7 @@ int process_ov_principal(fname, kcontext, filep, verbose, linenop, pol_db) xdralloc_create(&xdrs, XDR_ENCODE); if (! xdr_osa_princ_ent_rec(&xdrs, rec)) { xdr_destroy(&xdrs); - ret = OSA_ADB_XDR_FAILURE; + ret = KADM5_XDR_FAILURE; goto done; } diff --git a/src/kadmin/passwd/ChangeLog b/src/kadmin/passwd/ChangeLog index 2d6427994..dec816422 100644 --- a/src/kadmin/passwd/ChangeLog +++ b/src/kadmin/passwd/ChangeLog @@ -1,3 +1,8 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * kpasswd.c: + 2003-01-07 Ken Raeburn * Makefile.ov: Deleted. diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c index 912990d2d..ca47fca5b 100644 --- a/src/kadmin/passwd/kpasswd.c +++ b/src/kadmin/passwd/kpasswd.c @@ -183,6 +183,7 @@ kpasswd(context, argc, argv) /* someday */, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, + NULL, &server_handle); if (code != 0) { if (code == OVSEC_KADM_BAD_PASSWORD) diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 24694c31c..12c9bce4c 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,11 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * misc.c: + * ovsec_kadmd.c: + * server_stubs.c: + 2005-04-13 Ken Raeburn * schpw.c (NEED_SOCKETS): Don't define. diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in index 17406e77a..74a8e1bb3 100644 --- a/src/kadmin/server/Makefile.in +++ b/src/kadmin/server/Makefile.in @@ -2,6 +2,7 @@ thisconfigdir=./.. myfulldir=kadmin/server mydir=server BUILDTOP=$(REL)..$(S).. +KDB_DEP_LIB=-ldl -lpthread LOCALINCLUDES = -I$(SRCTOP)/lib/gssapi/generic -I$(SRCTOP)/lib/gssapi/krb5 \ -I$(BUILDTOP)/lib/gssapi/generic -I$(BUILDTOP)/lib/gssapi/krb5 @@ -15,7 +16,7 @@ OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1 all:: $(PROG) $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) + $(CC_LINK) -o $(PROG) $(OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB) install:: $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(SERVER_BINDIR)/$(PROG) diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index f2afd23af..fb9c3a541 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -3,9 +3,9 @@ * */ -#include -#include +#include #include +#include #include "misc.h" /* @@ -125,7 +125,7 @@ check_min_life(void *server_handle, krb5_principal principal) ret = kadm5_get_principal(handle->lhandle, principal, &princ, KADM5_PRINCIPAL_NORMAL_MASK); - if(ret != OSA_ADB_OK) + if(ret) return ret; if(princ.aux_attributes & KADM5_POLICY) { if((ret=kadm5_get_policy(handle->lhandle, diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 8709198d6..31cc25223 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -41,6 +41,7 @@ #include #include #include /* inet_ntoa */ +#include #include #include #include "gssapiP_krb5.h" /* for kg_get_context */ @@ -130,11 +131,14 @@ void kadm5_set_use_password_server (void); static void usage() { - fprintf(stderr, "Usage: kadmind [-r realm] [-m] [-nofork] " + fprintf(stderr, "Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] " #ifdef USE_PASSWORD_SERVER "[-passwordserver] " #endif - "[-port port-number]\n"); + "[-port port-number]\n" + "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n" + ); exit(1); } @@ -210,6 +214,8 @@ int main(int argc, char *argv[]) gss_buffer_desc gssbuf; gss_OID nt_krb5_name_oid; kadm5_config_params params; + char **db_args = NULL; + int db_args_size = 0; setvbuf(stderr, NULL, _IONBF, 0); @@ -238,7 +244,24 @@ int main(int argc, char *argv[]) argc--; argv++; while (argc) { - if (strcmp(*argv, "-r") == 0) { + if (strcmp(*argv, "-x") == 0) { + argc--; argv++; + if (!argc) + usage(); + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: cannot initialize. Not enough memory\n", + whoami); + exit(1); + } + db_args = temp; + } + db_args[db_args_size-1] = *argv; + db_args[db_args_size] = NULL; + }else if (strcmp(*argv, "-r") == 0) { argc--; argv++; if (!argc) usage(); @@ -290,22 +313,30 @@ int main(int argc, char *argv[]) NULL, ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + db_args, &global_server_handle)) != KADM5_OK) { + const char *e_txt = error_message(ret); krb5_klog_syslog(LOG_ERR, "%s while initializing, aborting", - error_message(ret)); + e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", - whoami, error_message(ret)); + whoami, e_txt); krb5_klog_close(context); exit(1); } + + if( db_args ) + { + free(db_args), db_args=NULL; + } if ((ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, ¶ms))) { + const char *e_txt = error_message(ret); krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", - whoami, error_message(ret)); + whoami, e_txt); fprintf(stderr, "%s: %s while initializing, aborting\n", - whoami, error_message(ret)); + whoami, e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -331,21 +362,23 @@ int main(int argc, char *argv[]) addr.sin_port = htons(params.kadmind_port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "Cannot create TCP socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot create TCP socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } if ((schpw = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "cannot create simple chpw socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot create simple chpw socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -369,22 +402,24 @@ int main(int argc, char *argv[]) SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "Cannot set SO_REUSEADDR: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot set SO_REUSEADDR: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); } if (setsockopt(schpw, SOL_SOCKET, SO_REUSEADDR, (char *) &allowed, sizeof(allowed)) < 0) { + const char *e_txt = error_message(errno); krb5_klog_syslog(LOG_ERR, "main", "cannot set SO_REUSEADDR on simple chpw socket: %s", - error_message(errno)); + e_txt); fprintf(stderr, "Cannot set SO_REUSEADDR on simple chpw socket: %s", - error_message(errno)); + e_txt); kadm5_destroy(global_server_handle); krb5_klog_close(context); } @@ -398,11 +433,12 @@ int main(int argc, char *argv[]) if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) { int oerrno = errno; + const char *e_txt = error_message(errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", error_message(oerrno)); + fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; krb5_klog_syslog(LOG_ERR, "Cannot bind socket: %s", - error_message(errno)); + e_txt); if(oerrno == EADDRINUSE) { char *w = strrchr(whoami, '/'); if (w) { @@ -438,12 +474,13 @@ int main(int argc, char *argv[]) if (bind(schpw, (struct sockaddr *)&addr, sizeof(addr)) < 0) { char portbuf[32]; int oerrno = errno; + const char *e_txt = error_message(errno); fprintf(stderr, "%s: Cannot bind socket.\n", whoami); - fprintf(stderr, "bind: %s\n", error_message(oerrno)); + fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; sprintf(portbuf, "%d", ntohs(addr.sin_port)); krb5_klog_syslog(LOG_ERR, "cannot bind simple chpw socket: %s", - error_message(oerrno)); + e_txt); if(oerrno == EADDRINUSE) { char *w = strrchr(whoami, '/'); if (w) { diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index 579498fc1..016288773 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -250,22 +250,22 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) @@ -281,16 +281,37 @@ create_principal_1_svc(cprinc_arg *arg, struct svc_req *rqstp) ret.code = kadm5_create_principal((void *)handle, &arg->rec, arg->mask, arg->passwd); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); + + exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -307,22 +328,22 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) @@ -340,16 +361,36 @@ create_principal3_1_svc(cprinc3_arg *arg, struct svc_req *rqstp) arg->n_ks_tuple, arg->ks_tuple, arg->passwd); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_principal", - prime_arg,((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -366,22 +407,22 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) @@ -393,15 +434,37 @@ delete_principal_1_svc(dprinc_arg *arg, struct svc_req *rqstp) inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); } else { ret.code = kadm5_delete_principal((void *)handle, arg->princ); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_principal", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free(prime_arg); free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); + exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } + return &ret; } @@ -419,20 +482,20 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->rec.principal, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (CHANGEPW_SERVICE(rqstp) @@ -447,16 +510,36 @@ modify_principal_1_svc(mprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_principal((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -476,21 +559,21 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->src, &prime_arg1) || krb5_unparse_name(handle->context, arg->dest, &prime_arg2)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } sprintf(prime_arg, "%s to %s", prime_arg1, prime_arg2); @@ -516,17 +599,37 @@ rename_principal_1_svc(rprinc_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_rename_principal((void *)handle, arg->src, arg->dest); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_rename_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg1); free(prime_arg2); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -544,11 +647,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gprinc_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -558,11 +661,11 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (! cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ) && @@ -589,16 +692,37 @@ get_principal_1_svc(gprinc_arg *arg, struct svc_req *rqstp) arg->mask); } + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -615,18 +739,18 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gprincs_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->exp; if (prime_arg == NULL) @@ -645,15 +769,36 @@ get_princs_1_svc(gprincs_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_principals((void *)handle, arg->exp, &ret.princs, &ret.count); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_principals", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -670,22 +815,22 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { @@ -704,17 +849,37 @@ chpass_principal_1_svc(chpass_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -731,22 +896,22 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { @@ -771,17 +936,37 @@ chpass_principal3_1_svc(chpass3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_chpass_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -798,22 +983,22 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && @@ -829,17 +1014,37 @@ setv4key_principal_1_svc(setv4key_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setv4key_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -856,22 +1061,22 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && @@ -887,17 +1092,37 @@ setkey_principal_1_svc(setkey_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -914,22 +1139,22 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (!(CHANGEPW_SERVICE(rqstp)) && @@ -948,17 +1173,37 @@ setkey_principal3_1_svc(setkey3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_SETKEY) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_setkey_principal", - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -977,11 +1222,12 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) xdr_free(xdr_chrand_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; + if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -992,11 +1238,11 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; free_server_handle(handle); - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { @@ -1025,16 +1271,36 @@ chrand_principal_1_svc(chrand_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1053,11 +1319,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) xdr_free(xdr_chrand_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -1068,11 +1334,11 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; free_server_handle(handle); - return &ret; + goto exit_func; } if (krb5_unparse_name(handle->context, arg->princ, &prime_arg)) { ret.code = KADM5_BAD_PRINCIPAL; - return &ret; + goto exit_func; } if (cmp_gss_krb5_name(handle, rqst2name(rqstp), arg->princ)) { @@ -1107,16 +1373,36 @@ chrand_principal3_1_svc(chrand3_arg *arg, struct svc_req *rqstp) } if(ret.code != KADM5_AUTH_CHANGEPW) { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, - prime_arg, ((ret.code == 0) ? "success" : - error_message(ret.code)), + prime_arg, ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); free(prime_arg); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1133,18 +1419,18 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->rec.policy; @@ -1159,15 +1445,36 @@ create_policy_1_svc(cpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_create_policy((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_create_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1184,18 +1491,18 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->name; @@ -1208,15 +1515,36 @@ delete_policy_1_svc(dpol_arg *arg, struct svc_req *rqstp) ret.code = KADM5_AUTH_DELETE; } else { ret.code = kadm5_delete_policy((void *)handle, arg->name); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_delete_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1233,18 +1561,18 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->rec.policy; @@ -1258,15 +1586,36 @@ modify_policy_1_svc(mpol_arg *arg, struct svc_req *rqstp) } else { ret.code = kadm5_modify_policy((void *)handle, &arg->rec, arg->mask); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_modify_policy", ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1286,11 +1635,11 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gpol_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; @@ -1300,7 +1649,7 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->name; @@ -1337,11 +1686,20 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) &ret.rec); } + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, funcname, ((prime_arg == NULL) ? "(null)" : prime_arg), - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } else { krb5_klog_syslog(LOG_NOTICE, LOG_UNAUTH, funcname, prime_arg, client_name.value, service_name.value, @@ -1350,6 +1708,18 @@ get_policy_1_svc(gpol_arg *arg, struct svc_req *rqstp) free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1367,18 +1737,18 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) xdr_free(xdr_gpols_ret, &ret); if ((ret.code = new_server_handle(arg->api_version, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } prime_arg = arg->exp; if (prime_arg == NULL) @@ -1395,15 +1765,36 @@ get_pols_1_svc(gpols_arg *arg, struct svc_req *rqstp) ret.code = kadm5_get_policies((void *)handle, arg->exp, &ret.pols, &ret.count); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_policies", prime_arg, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ } free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1417,29 +1808,51 @@ getprivs_ret * get_privs_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) xdr_free(xdr_getprivs_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) - return &ret; + goto exit_func; if ((ret.code = check_handle((void *)handle))) { free_server_handle(handle); - return &ret; + goto exit_func; } ret.api_version = handle->api_version; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } ret.code = kadm5_get_privs((void *)handle, &ret.privs); + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + krb5_klog_syslog(LOG_NOTICE, LOG_DONE, "kadm5_get_privs", client_name.value, - ((ret.code == 0) ? "success" : error_message(ret.code)), + ret.err_str, client_name.value, service_name.value, inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr)); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + free_server_handle(handle); gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return &ret; } @@ -1454,7 +1867,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) xdr_free(xdr_generic_ret, &ret); if ((ret.code = new_server_handle(*arg, rqstp, &handle))) - return &ret; + goto exit_func; if (! (ret.code = check_handle((void *)handle))) { ret.api_version = handle->api_version; } @@ -1463,7 +1876,7 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; - return &ret; + goto exit_func; } krb5_klog_syslog(LOG_NOTICE, LOG_DONE ", flavor=%d", @@ -1477,6 +1890,18 @@ generic_ret *init_1_svc(krb5_ui_4 *arg, struct svc_req *rqstp) gss_release_buffer(&minor_stat, &client_name); gss_release_buffer(&minor_stat, &service_name); +exit_func: + if( ret.err_str == NULL ) + { + if( ret.code == 0 ) + ret.err_str = "success"; + else + ret.err_str = error_message(ret.code); + + /* xdr free frees this string. so make a copy */ + ret.err_str = strdup( ret.err_str ); + /* no need to check for NULL. Even if it is NULL, atleast error_code will be returned */ + } return(&ret); } diff --git a/src/kadmin/testing/util/ChangeLog b/src/kadmin/testing/util/ChangeLog index f34d8f83c..a81e3491f 100644 --- a/src/kadmin/testing/util/ChangeLog +++ b/src/kadmin/testing/util/ChangeLog @@ -1,3 +1,10 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * tcl_kadm5.c: + * tcl_ovsec_kadm.c: + 2005-02-10 Tom Yu * tcl_kadm5.c (unparse_err): Add entries for KRB5_CC_NOTFOUND and diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in index bc3e730be..f53861e21 100644 --- a/src/kadmin/testing/util/Makefile.in +++ b/src/kadmin/testing/util/Makefile.in @@ -2,10 +2,11 @@ thisconfigdir=./../.. myfulldir=kadmin/testing/util mydir=testing/util BUILDTOP=$(REL)..$(S)..$(S).. -LOCALINCLUDES = $(TCL_INCLUDES) +LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/ # Force Tcl headers to use stdarg.h, because krb5 does too, and if # Tcl uses varargs.h it'll just mess things up. DEFINES= -DHAS_STDARG +KRB5_PTHREAD_LIB=-lpthread PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH) PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH) @@ -29,11 +30,11 @@ all-tcl:: $(CLNTPROG) $(SRVPROG) $(SRVPROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(SRVPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) + $(KADMSRV_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS) $(CLNTPROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $(CLNTPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ - $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) + $(KRB5_PTHREAD_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) bsddb_dump: bsddb_dump.o $(CC_LINK) -o bsddb_dump bsddb_dump.o $(KADMSRV_LIBS) @@ -59,8 +60,8 @@ $(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): tcl_ovsec_kadm.c \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - tcl_kadm5.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h \ + $(BUILDTOP)/lib/kdb/adb_err.h $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -74,6 +75,6 @@ $(OUTPRE)tcl_kadm5.$(OBJEXT): tcl_kadm5.c $(BUILDTOP)/include/kadm5/admin.h \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h tcl_kadm5.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/lib/kdb/adb_err.h tcl_kadm5.h $(OUTPRE)test.$(OBJEXT): test.c tcl_kadm5.h diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index a6b945277..828f207a6 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "tcl_kadm5.h" struct flagval { @@ -1622,12 +1623,12 @@ static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData, ret = kadm5_init_with_creds(client_name, cc, service_name, ¶ms, struct_version, - api_version, &server_handle); + api_version, NULL, &server_handle); (void) krb5_cc_close(context, cc); } else ret = kadm5_init(client_name, pass, service_name, ¶ms, - struct_version, api_version, &server_handle); + struct_version, api_version, NULL, &server_handle); if (ret != KADM5_OK) { stash_error(interp, ret); diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c index e67b84d5c..9aaa85023 100644 --- a/src/kadmin/testing/util/tcl_ovsec_kadm.c +++ b/src/kadmin/testing/util/tcl_ovsec_kadm.c @@ -12,6 +12,7 @@ #include #include #include "tcl_kadm5.h" +#include struct flagval { char *name; @@ -1044,7 +1045,7 @@ static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp, } ret = ovsec_kadm_init(client_name, pass, service_name, realm, - struct_version, api_version, &server_handle); + struct_version, api_version, NULL, &server_handle); if (ret != OVSEC_KADM_OK) { stash_error(interp, ret); diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index bb886c120..47a6d23ac 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * main.c: + 2005-05-13 Ken Raeburn * kerberos_v4.c: Include autoconf.h before testing diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in index d26144dab..9b18c4e91 100644 --- a/src/kdc/Makefile.in +++ b/src/kdc/Makefile.in @@ -10,6 +10,7 @@ BUILDTOP=$(REL).. DEFINES = # -DNOCACHE RUN_SETUP = @KRB5_RUN_ENV@ PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH) +KDB5_LIB_DEPS=-ldl -lpthread PROG_RPATH=$(KRB5_LIBDIR) FAKEKA=@FAKEKA@ @@ -68,10 +69,10 @@ kdc5_err.h: kdc5_err.et kdc5_err.o: kdc5_err.h krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) + $(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KDB5_LIB_DEPS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KDB5_LIB_DEPS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS) fakeka: fakeka.o $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) $(CC_LINK) -o fakeka fakeka.o $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) diff --git a/src/kdc/main.c b/src/kdc/main.c index 961f3bbee..c5ecdec7a 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -147,9 +147,9 @@ finish_realm(kdc_realm_t *rdp) * realm data and we should be all set to begin operation for that realm. */ static krb5_error_code -init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, +init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_mpname, krb5_enctype def_enctype, char *def_udp_ports, - char *def_tcp_ports, krb5_boolean def_manual) + char *def_tcp_ports, krb5_boolean def_manual, char **db_args) { krb5_error_code kret; krb5_boolean manual; @@ -180,13 +180,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, if (rparams && rparams->realm_profile) rdp->realm_profile = strdup(rparams->realm_profile); - /* Handle database name */ - if (rparams && rparams->realm_dbname) - rdp->realm_dbname = strdup(rparams->realm_dbname); - else - rdp->realm_dbname = (def_dbname) ? strdup(def_dbname) : - strdup(DEFAULT_KDB_FILE); - /* Handle master key name */ if (rparams && rparams->realm_mkey_name) rdp->realm_mpname = strdup(rparams->realm_mkey_name); @@ -245,6 +238,17 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, goto whoops; } + /* first open the database before doing anything */ +#ifdef KRBCONF_KDC_MODIFIES_KDB + if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RW))) { +#else + if ((kret = krb5_db_open(rdp->realm_context, db_args, KRB5_KDB_OPEN_RO))) { +#endif + com_err(progname, kret, + "while initializing database for realm %s", realm); + goto whoops; + } + /* Assemble and parse the master key name */ if ((kret = krb5_db_setup_mkey_name(rdp->realm_context, rdp->realm_mpname, rdp->realm_name, (char **) NULL, @@ -268,20 +272,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, goto whoops; } - /* Set and open the database. */ - if (rdp->realm_dbname && - (kret = krb5_db_set_name(rdp->realm_context, rdp->realm_dbname))) { - com_err(progname, kret, - "while setting database name to %s for realm %s", - rdp->realm_dbname, realm); - goto whoops; - } - if ((kret = krb5_db_init(rdp->realm_context))) { - com_err(progname, kret, - "while initializing database for realm %s", realm); - goto whoops; - } - /* Verify the master key */ if ((kret = krb5_db_verify_master_key(rdp->realm_context, rdp->realm_mprinc, @@ -408,7 +398,10 @@ setup_sam(void) void usage(char *name) { - fprintf(stderr, "usage: %s [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n", name); + fprintf(stderr, "usage: %s [-x db_args]* [-d dbpathname] [-r dbrealmname] [-R replaycachename ]\n\t[-m] [-k masterenctype] [-M masterkeyname] [-p port] [-4 v4mode] [-X] [-n]\n" + "\nwhere,\n\t[-x db_args]* - any number of database specific arguments.\n" + "\t\t\tLook at each database documentation for supported arguments\n", + name); return; } @@ -428,6 +421,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) char *default_tcp_ports = 0; krb5_pointer aprof; const char *hierarchy[3]; + char **db_args = NULL; + int db_args_size = 0; + #ifdef KRB5_KRB4_COMPAT char *v4mode = 0; #endif @@ -459,26 +455,77 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) * Loop through the option list. Each time we encounter a realm name, * use the previously scanned options to fill in for defaults. */ - while ((c = getopt(argc, argv, "r:d:mM:k:R:e:p:s:n4:X3")) != -1) { + while ((c = getopt(argc, argv, "x:r:d:mM:k:R:e:p:s:n4:X3")) != -1) { switch(c) { + case 'x': + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = optarg; + db_args[db_args_size] = NULL; + break; + case 'r': /* realm name for db */ if (!find_realm_data(optarg, (krb5_ui_4) strlen(optarg))) { if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { - if ((retval = init_realm(argv[0], rdatap, optarg, db_name, + if ((retval = init_realm(argv[0], rdatap, optarg, mkey_name, menctype, default_udp_ports, - default_tcp_ports, manual))) { + default_tcp_ports, manual, db_args))) { fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", argv[0], optarg); exit(1); } kdc_realmlist[kdc_numrealms] = rdatap; kdc_numrealms++; + free(db_args), db_args=NULL, db_args_size = 0; + } + else + { + fprintf(stderr,"%s: cannot initialize realm %s. Not enough memory\n", + argv[0], optarg); + exit(1); } } break; case 'd': /* pathname for db */ - db_name = optarg; + /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ + if( db_name == NULL ) + { + db_name = malloc(1025); + if( db_name == NULL ) + { + fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n", + argv[0] ); + exit(1); + } + + sprintf( db_name, "dbname=%s", optarg); + } + + db_args_size++; + { + char **temp = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* one for NULL */ + if( temp == NULL ) + { + fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n", + argv[0]); + exit(1); + } + + db_args = temp; + } + db_args[db_args_size-1] = db_name; + db_args[db_args_size] = NULL; break; case 'm': /* manual type-in of master key */ manual = TRUE; @@ -547,9 +594,9 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) exit(1); } if ((rdatap = (kdc_realm_t *) malloc(sizeof(kdc_realm_t)))) { - if ((retval = init_realm(argv[0], rdatap, lrealm, db_name, + if ((retval = init_realm(argv[0], rdatap, lrealm, mkey_name, menctype, default_udp_ports, - default_tcp_ports, manual))) { + default_tcp_ports, manual, db_args))) { fprintf(stderr,"%s: cannot initialize realm %s - see log file for details\n", argv[0], lrealm); exit(1); @@ -576,6 +623,10 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) free(default_udp_ports); if (default_tcp_ports) free(default_tcp_ports); + if (db_args) + free(db_args); + if (db_name) + free(db_name); return; } diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index 0dea38dd6..7e404b482 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * krb524d.c: + 2004-09-08 Tom Yu * Makefile.in (install-unix): Install krb524d manpage. diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in index 31c95f1df..acbfb0da5 100644 --- a/src/krb524/Makefile.in +++ b/src/krb524/Makefile.in @@ -2,6 +2,8 @@ thisconfigdir=.. myfulldir=krb524 mydir=krb524 BUILDTOP=$(REL).. +KDB_DEP_LIB=-ldl -lpthread + # Copyright 1994 by OpenVision Technologies, Inc. # # Permission to use, copy, modify, distribute, and sell this software @@ -78,7 +80,7 @@ SERVER_OBJS= krb524d.o cnv_tkt_skey.o conv_princ.o CLIENT_OBJS= $(OUTPRE)k524init.$(OBJEXT) krb524d: $(SERVER_OBJS) $(KADMSRV_DEPLIBS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(APPUTILS_DEPLIB) - $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) + $(CC_LINK) -o krb524d $(SERVER_OBJS) $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_LIB) $(KRB4COMPAT_LIBS) $(APPUTILS_LIB) k524init: $(CLIENT_OBJS) $(KRB5_DEPLIB) $(KRB4COMPAT_DEPLIBS) $(CC_LINK) -o k524init $(CLIENT_OBJS) $(KRB5_LIB) $(KRB4COMPAT_LIBS) @@ -146,8 +148,8 @@ $(OUTPRE)krb524d.$(OBJEXT): krb524d.c $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ - $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h krb524d.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/kerberosIV/krb.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ + $(BUILDTOP)/include/profile.h krb524d.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/kerberosIV/krb.h diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 5b3641bcc..f126641b4 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -313,7 +313,7 @@ void init_master(context, params) use_master = 0; if ((ret = kadm5_init(whoami, NULL, KADM5_ADMIN_SERVICE, params, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &handle))) { com_err(whoami, ret, "initializing kadm5 library"); cleanup_and_exit(1, context); diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index 4ef1d3109..dec6650ae 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,10 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + (LOCAL_SUBDIRS): Build kdb after rpc. + * krb5.saber.source: Deleted. + 2005-04-22 Jeffrey Altman * win_glue.c: Remove calls to WSAStartup/WSACleanup because diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 67867c777..3e34ef0ef 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -1,7 +1,7 @@ thisconfigdir=./.. myfulldir=lib mydir=lib -LOCAL_SUBDIRS=crypto krb5 des425 @KRB4@ kdb gssapi rpc kadm5 apputils +LOCAL_SUBDIRS=crypto krb5 des425 @KRB4@ gssapi rpc kdb kadm5 apputils BUILDTOP=$(REL).. all-unix:: diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog index 96b6dbc96..cb3f14b65 100644 --- a/src/lib/kadm5/ChangeLog +++ b/src/lib/kadm5/ChangeLog @@ -1,3 +1,16 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * adb_err.et: + * admin.h: + * admin_xdr.h: + * kadm_err.et: + * kadm_rpc.h: + * kadm_rpc_xdr.c: + * ovsec_glue.c: + * server_internal.h: + 2005-04-19 Ken Raeburn * configure.in: Don't invoke AC_CANONICAL_HOST explicitly, diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in index 79847e982..fe8384c99 100644 --- a/src/lib/kadm5/Makefile.in +++ b/src/lib/kadm5/Makefile.in @@ -7,20 +7,16 @@ LOCAL_SUBDIRS = clnt srv unit-test ##DOSBUILDTOP = ..\.. kadm_err.$(OBJEXT): kadm_err.c -adb_err.$(OBJEXT): adb_err.c chpass_util_strings.$(OBJEXT): chpass_util_strings.c kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et -adb_err.c adb_err.h: $(srcdir)/adb_err.et chpass_util_strings.c chpass_util_strings.h: $(srcdir)/chpass_util_strings.et clean:: $(RM) kadm_err.c kadm_err.h kadm_err.o - $(RM) adb_err.c adb_err.h adb_err.o $(RM) chpass_util_strings.c chpass_util_strings.h chpass_util_strings.o SRCS = kadm_err.c \ - adb_err.c \ chpass_util_strings.c \ $(srcdir)/ovsec_glue.c \ $(srcdir)/misc_free.c \ @@ -31,7 +27,6 @@ SRCS = kadm_err.c \ $(srcdir)/logger.c OBJS = kadm_err.$(OBJEXT) \ - adb_err.$(OBJEXT) \ chpass_util_strings.$(OBJEXT) \ ovsec_glue.$(OBJEXT) \ misc_free.$(OBJEXT) \ @@ -43,7 +38,6 @@ OBJS = kadm_err.$(OBJEXT) \ STLIBOBJS = \ kadm_err.o \ - adb_err.o \ chpass_util_strings.o \ ovsec_glue.o \ misc_free.o \ @@ -54,18 +48,16 @@ STLIBOBJS = \ logger.o HDRDIR=$(BUILDTOP)/include/kadm5 -HDRS = $(HDRDIR)/adb.h \ - $(HDRDIR)/admin.h \ +HDRS = $(HDRDIR)/admin.h \ $(HDRDIR)/admin_internal.h \ $(HDRDIR)/admin_xdr.h \ $(HDRDIR)/kadm_rpc.h \ $(HDRDIR)/server_internal.h \ - $(HDRDIR)/adb_err.h \ $(HDRDIR)/chpass_util_strings.h \ $(HDRDIR)/kadm_err.h -BUILD_HDRS = adb_err.h chpass_util_strings.h kadm_err.h -SRC_HDRS = adb.h admin.h admin_internal.h admin_xdr.h kadm_rpc.h \ +BUILD_HDRS = chpass_util_strings.h kadm_err.h +SRC_HDRS = admin.h admin_internal.h admin_xdr.h kadm_rpc.h \ server_internal.h $(HDRS): includes @@ -112,8 +104,6 @@ clean-windows:: # kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ kadm_err.c $(COM_ERR_DEPS) -adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): adb_err.c \ - $(COM_ERR_DEPS) chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \ chpass_util_strings.c $(COM_ERR_DEPS) ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ @@ -130,7 +120,7 @@ ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ misc_free.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -145,9 +135,8 @@ misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - server_internal.h $(SRCTOP)/include/krb5/kdb.h admin_internal.h \ - adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h admin_internal.h kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ kadm_rpc_xdr.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -162,9 +151,10 @@ kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ chpass_util.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -179,8 +169,7 @@ chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h admin_internal.h alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ alt_prof.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ @@ -196,8 +185,7 @@ alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(SRCTOP)/include/krb5/adm_proto.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ str_conv.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ @@ -213,8 +201,8 @@ str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(SRCTOP)/include/krb5/adm_proto.h logger.so logger.po $(OUTPRE)logger.$(OBJEXT): logger.c \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 4051601ec..a70e90b4e 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -43,7 +43,6 @@ #include #include #include -#include #include #define KADM5_ADMIN_SERVICE "kadmin/admin" @@ -204,11 +203,6 @@ typedef struct _kadm5_policy_ent_t { long policy_refcnt; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; -typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; -} krb5_key_salt_tuple; - /* * Data structure returned by kadm5_get_config_params() */ @@ -304,6 +298,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, @@ -315,6 +310,7 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -326,6 +322,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_init_with_creds(char *client_name, @@ -334,6 +331,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #endif kadm5_ret_t kadm5_lock(void *server_handle); @@ -594,6 +592,7 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass, @@ -601,6 +600,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char ** db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, @@ -608,6 +608,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle); diff --git a/src/lib/kadm5/admin_xdr.h b/src/lib/kadm5/admin_xdr.h index 305502541..05d1a7ea6 100644 --- a/src/lib/kadm5/admin_xdr.h +++ b/src/lib/kadm5/admin_xdr.h @@ -7,6 +7,7 @@ #include #include "kadm_rpc.h" +#include "server_internal.h" bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp); bool_t xdr_nullstring(XDR *xdrs, char **objp); @@ -59,3 +60,5 @@ bool_t xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp); bool_t xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp); bool_t xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp); bool_t xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp); +bool_t xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp); +bool_t xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp); diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog index fc2dfca2e..a296c1e7d 100644 --- a/src/lib/kadm5/clnt/ChangeLog +++ b/src/lib/kadm5/clnt/ChangeLog @@ -1,3 +1,14 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * client_init.c: + * client_principal.c: + * clnt_policy.c: + * clnt_privs.c: + * err_handle.c: + * err_handle.h: + 2005-02-11 Tom Yu * client_init.c (kadm5_get_init_creds, kadm5_gic_iter) diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in index f4ed9db74..449d75378 100644 --- a/src/lib/kadm5/clnt/Makefile.in +++ b/src/lib/kadm5/clnt/Makefile.in @@ -27,6 +27,7 @@ SRCS = $(srcdir)/clnt_policy.c \ $(srcdir)/client_principal.c \ $(srcdir)/client_init.c \ $(srcdir)/clnt_privs.c \ + $(srcdir)/err_handle.c \ $(srcdir)/clnt_chpass_util.c OBJS = \ @@ -35,6 +36,7 @@ OBJS = \ client_principal.$(OBJEXT) \ client_init.$(OBJEXT) \ clnt_privs.$(OBJEXT) \ + err_handle.$(OBJEXT) \ clnt_chpass_util.$(OBJEXT) STLIBOBJS = \ @@ -43,8 +45,11 @@ STLIBOBJS = \ client_principal.o \ client_init.o \ clnt_privs.o \ + err_handle.o \ clnt_chpass_util.o +err_handle.o : err_handle.h err_handle.c + all-unix:: includes all-unix:: all-liblinks all-windows:: $(OBJS) @@ -91,9 +96,9 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + err_handle.h client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ client_rpc.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -108,8 +113,7 @@ client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ client_principal.c $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -124,9 +128,9 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h err_handle.h client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ client_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ @@ -141,10 +145,10 @@ client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth_gssapi.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/gssrpc/auth_gssapi.h clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ clnt_privs.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -159,9 +163,17 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + err_handle.h +err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \ + err_handle.c err_handle.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ clnt_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -176,6 +188,5 @@ clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index f1031548f..cf5638e46 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -65,6 +65,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); static kadm5_ret_t @@ -99,11 +100,12 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -113,11 +115,12 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } kadm5_ret_t kadm5_init(char *client_name, char *pass, @@ -125,11 +128,12 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -137,11 +141,12 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } static kadm5_ret_t _kadm5_init_any(char *client_name, @@ -152,6 +157,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, kadm5_config_params *params_in, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { struct sockaddr_in addr; @@ -168,7 +174,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, generic_ret *r; initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); if (! server_handle) { diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c index 972a7b321..eb2248325 100644 --- a/src/lib/kadm5/clnt/client_principal.c +++ b/src/lib/kadm5/clnt/client_principal.c @@ -15,6 +15,7 @@ static char *rcsid = "$Header$"; #include #endif #include "client_internal.h" +#include "err_handle.h" #ifdef DEBUG #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0) @@ -254,6 +255,11 @@ kadm5_get_principal(void *server_handle, memcpy(ent, &r->rec, sizeof(r->rec)); } + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -282,6 +288,10 @@ kadm5_get_principals(void *server_handle, *princs = NULL; } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -483,6 +493,11 @@ kadm5_randkey_principal_3(void *server_handle, } } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } + return r->code; } @@ -531,6 +546,11 @@ kadm5_randkey_principal(void *server_handle, } } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } + return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c index 182b2d9e7..55bef4af7 100644 --- a/src/lib/kadm5/clnt/clnt_policy.c +++ b/src/lib/kadm5/clnt/clnt_policy.c @@ -14,6 +14,7 @@ static char *rcsid = "$Header$"; #include "client_internal.h" #include #include +#include "err_handle.h" kadm5_ret_t kadm5_create_policy(void *server_handle, @@ -34,6 +35,11 @@ kadm5_create_policy(void *server_handle, r = create_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -55,6 +61,11 @@ kadm5_delete_policy(void *server_handle, char *name) r = delete_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -78,6 +89,11 @@ kadm5_modify_policy(void *server_handle, r = modify_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -116,6 +132,10 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent) memcpy(ent, &r->rec, sizeof(r->rec)); } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -144,5 +164,9 @@ kadm5_get_policies(void *server_handle, *pols = NULL; } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c index 0452f72e0..497feea5d 100644 --- a/src/lib/kadm5/clnt/clnt_privs.c +++ b/src/lib/kadm5/clnt/clnt_privs.c @@ -5,6 +5,15 @@ * $Source$ * * $Log$ + * Revision 1.3 2005/06/21 01:35:56 raeburn + * Novell Database Abstraction Layer merge. + * Will probably break things. + * + * Revision 1.2.26.1 2005/06/17 21:11:24 raeburn + * Initial checkin of Novell Database Abstraction Layer changes. + * Patches applied to 1.4.1 release code, updated to trunk, makefile dependencies + * deleted when they caused cvs merge conflicts. + * * Revision 1.2 1998/02/14 02:32:58 tlyu * * client_init.c: * * client_principal.c: @@ -65,6 +74,7 @@ static char *rcsid = "$Header$"; #include #include #include "client_internal.h" +#include "err_handle.h" kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) { @@ -76,5 +86,10 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) return KADM5_RPC_ERROR; else if (r->code == KADM5_OK) *privs = r->privs; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } diff --git a/src/lib/kadm5/clnt/err_handle.c b/src/lib/kadm5/clnt/err_handle.c new file mode 100644 index 000000000..997544d5e --- /dev/null +++ b/src/lib/kadm5/clnt/err_handle.c @@ -0,0 +1,185 @@ +/********************************************************************** +* +* C %name: err_handle.c % +* Instance: idc_sec_1 +* Description: +* %created_by: spradeep % +* %date_created: Thu Apr 7 15:36:27 2005 % +* +**********************************************************************/ +#ifndef lint +static char *_csrc = "@(#) %filespec: err_handle.c~1 % (%full_filespec: err_handle.c~1:csrc:idc_sec#2 %)"; +#endif + +/* this file should be ideally be in util/et. But, for now thread safety requirement stops me from putting there. + if I do, then all the applications have to link to pthread */ + +#ifdef HAVE_PTHREAD_H +#include +#endif +#include "err_handle.h" +#include + +#ifdef NOVELL +krb5_errcode_2_string_func old_error_2_string = NULL; +#endif + +typedef struct { + char krb5_err_str[KRB5_MAX_ERR_STR + 1]; + long err_code; + krb5_err_subsystem subsystem; + krb5_context kcontext; +} krb5_err_struct_t; + +#ifdef HAVE_PTHREAD_H +static void tsd_key_destructor(void *data) +{ + free(data); +} + +static pthread_key_t krb5_err_key; + +static void init_err_handling( void ) +{ + assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor)); +#ifdef NOVELL + old_error_2_string = error_message; + error_message = krb5_get_err_string; +#endif +} + +static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT; + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + int ret; + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct == NULL ) + { + err_struct = calloc(sizeof(krb5_err_struct_t), 1); + if( err_struct == NULL ) + return ENOMEM; + + if((ret = pthread_setspecific(krb5_err_key, err_struct))) + { + free( err_struct ); + return ret; + } + } + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( err_struct->subsystem == krb5_err_have_str ) + { + strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct && (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + /* Error strings are not generated here. the remaining two cases are handled by the default error string convertor */ +#ifdef NOVELL + return old_error_2_string(err_code); +#else + return error_message(err_code); +#endif +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct ) + err_struct->subsystem = krb5_err_unknown; +} + +#else +krb5_err_struct_t krb5_err = {{0}, 0, 0, 0}; +krb5_boolean krb5_init_once = TRUE; + +static void init_err_handling( void ) +{ + if( krb5_init_once ) + { +#ifdef NOVELL + old_error_2_string = error_message; + error_message = krb5_get_err_string; +#endif + krb5_init_once = FALSE; + } +} + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( err_struct->subsystem == krb5_err_have_str ) + { + strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + if( (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + /* it is not generated here. the remaining two cases are handled by the default error string convertor */ +#ifdef NOVELL + return old_error_2_string(err_code); +#else + return error_message(err_code); +#endif +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = krb5_err_unknown; +} + + +#endif diff --git a/src/lib/kadm5/clnt/err_handle.h b/src/lib/kadm5/clnt/err_handle.h new file mode 100644 index 000000000..76b6ee43c --- /dev/null +++ b/src/lib/kadm5/clnt/err_handle.h @@ -0,0 +1,32 @@ +/********************************************************************** +* +* C Header: err_handle.h +* Instance: idc_sec_1 +* Description: +* %created_by: spradeep % +* %date_created: Thu Apr 7 15:36:49 2005 % +* +**********************************************************************/ +#ifndef _idc_sec_1_err_handle_h_H +#define _idc_sec_1_err_handle_h_H +#include + +/* Everything else goes here */ + +#define KRB5_MAX_ERR_STR 1024 +typedef enum krb5_err_subsystem { krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */ + krb5_err_system, /* error in system call */ + krb5_err_krblib, /* error in kerberos library call, should lookup in the error table */ + krb5_err_have_str, /* error message is available in the string */ + krb5_err_db /* error is a database error, should be handled by calling DB */ +} krb5_err_subsystem; + +typedef krb5_error_code (*krb5_set_err_func_t)( krb5_context, krb5_err_subsystem, long, char*); + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ); + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code); + +void krb5_clr_error(void); + +#endif diff --git a/src/lib/kadm5/kadm_err.et b/src/lib/kadm5/kadm_err.et index c7b48b369..da18a74eb 100644 --- a/src/lib/kadm5/kadm_err.et +++ b/src/lib/kadm5/kadm_err.et @@ -59,4 +59,5 @@ error_code KADM5_SETKEY_DUP_ENCTYPES, "Multiple values for single or folded enct error_code KADM5_SETV4KEY_INVAL_ENCTYPE, "Invalid enctype for setv4key" error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3" error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client" +error_code KADM5_XDR_FAILURE, "XDR encoding error" end diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h index d546c9472..df7764361 100644 --- a/src/lib/kadm5/kadm_rpc.h +++ b/src/lib/kadm5/kadm_rpc.h @@ -29,6 +29,7 @@ bool_t xdr_cprinc3_arg(); struct generic_ret { krb5_ui_4 api_version; kadm5_ret_t code; + char *err_str; }; typedef struct generic_ret generic_ret; bool_t xdr_generic_ret(); @@ -68,6 +69,7 @@ struct gprincs_ret { kadm5_ret_t code; char **princs; int count; + char *err_str; }; typedef struct gprincs_ret gprincs_ret; bool_t xdr_gprincs_ret(); @@ -143,6 +145,7 @@ struct chrand_ret { krb5_keyblock key; krb5_keyblock *keys; int n_keys; + char *err_str; }; typedef struct chrand_ret chrand_ret; bool_t xdr_chrand_ret(); @@ -159,6 +162,7 @@ struct gprinc_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_principal_ent_rec rec; + char *err_str; }; typedef struct gprinc_ret gprinc_ret; bool_t xdr_gprinc_ret(); @@ -206,6 +210,7 @@ struct gpol_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_policy_ent_rec rec; + char *err_str; }; typedef struct gpol_ret gpol_ret; bool_t xdr_gpol_ret(); @@ -222,6 +227,7 @@ struct gpols_ret { kadm5_ret_t code; char **pols; int count; + char *err_str; }; typedef struct gpols_ret gpols_ret; bool_t xdr_gpols_ret(); @@ -230,6 +236,7 @@ struct getprivs_ret { krb5_ui_4 api_version; kadm5_ret_t code; long privs; + char *err_str; }; typedef struct getprivs_ret getprivs_ret; bool_t xdr_getprivs_ret(); diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index f5a34e925..f7090bdcf 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -544,6 +544,19 @@ xdr_generic_ret(XDR *xdrs, generic_ret *objp) if (!xdr_kadm5_ret_t(xdrs, &objp->code)) { return (FALSE); } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return(TRUE); } @@ -626,6 +639,19 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp) return (FALSE); } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -785,7 +811,19 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) return FALSE; } } - + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -826,6 +864,19 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp) } } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -896,6 +947,19 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp) if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) return (FALSE); } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -930,6 +994,19 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp) return (FALSE); } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -941,6 +1018,19 @@ bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp) if (! xdr_kadm5_ret_t(xdrs, &objp->code) || ! xdr_long(xdrs, &objp->privs)) return FALSE; + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return TRUE; } diff --git a/src/lib/kadm5/ovsec_glue.c b/src/lib/kadm5/ovsec_glue.c index ce818934f..750aa3f81 100644 --- a/src/lib/kadm5/ovsec_glue.c +++ b/src/lib/kadm5/ovsec_glue.c @@ -6,10 +6,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init_with_password(client_name, pass, service_name, - realm, struct_version, api_version, + realm, struct_version, api_version, db_args, server_handle); } @@ -18,10 +19,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init_with_skey(client_name, keytab, service_name, realm, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -30,10 +32,11 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *from_stash, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init(client_name, from_stash, service_name, - realm, struct_version, api_version, + realm, struct_version, api_version, db_args, server_handle); } diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h index 7792d0a49..33d6593ac 100644 --- a/src/lib/kadm5/server_internal.h +++ b/src/lib/kadm5/server_internal.h @@ -21,7 +21,6 @@ #include #include #include "admin_internal.h" -#include "adb.h" typedef struct _kadm5_server_handle_t { krb5_ui_4 magic_number; @@ -31,9 +30,26 @@ typedef struct _kadm5_server_handle_t { krb5_principal current_caller; kadm5_config_params params; struct _kadm5_server_handle_t *lhandle; - osa_adb_policy_t policy_db; + char **db_args; } kadm5_server_handle_rec, *kadm5_server_handle_t; +#define OSA_ADB_PRINC_VERSION_1 0x12345C01 + +typedef struct _osa_pw_hist_t { + int n_key_data; + krb5_key_data *key_data; +} osa_pw_hist_ent, *osa_pw_hist_t; + typedef struct _osa_princ_ent_t { + int version; + char *policy; + long aux_attributes; + unsigned int old_key_len; + unsigned int old_key_next; + krb5_kvno admin_history_kvno; + osa_pw_hist_ent *old_keys; +} osa_princ_ent_rec, *osa_princ_ent_t; + + kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle); kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle); kadm5_ret_t passwd_check(kadm5_server_handle_t handle, @@ -55,6 +71,7 @@ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle, krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name); krb5_error_code kdb_iter_entry(kadm5_server_handle_t handle, + char *match_entry, void (*iter_fct)(void *, krb5_principal), void *data); @@ -115,4 +132,9 @@ extern krb5_principal current_caller; KADM5_NEW_SERVER_API_VERSION) \ SERVER_CHECK_HANDLE(handle) +bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp); + +void +osa_free_princ_ent(osa_princ_ent_t val); + #endif /* __KADM5_SERVER_INTERNAL_H__ */ diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index eeba8685c..c885bc65d 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -1,3 +1,18 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * adb_free.c: + * adb_openclose.c: + * adb_policy.c: + * adb_xdr.c: + * server_init.c: + * server_kdb.c: + * server_misc.c: + * svr_iters.c: + * svr_policy.c: + * svr_principal.c: + 2004-12-20 Tom Yu * svr_principal.c (add_to_history): Rewrite somewhat, using diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in index 66de263ce..6a159ffcb 100644 --- a/src/lib/kadm5/srv/Makefile.in +++ b/src/lib/kadm5/srv/Makefile.in @@ -35,10 +35,7 @@ SRCS = $(srcdir)/svr_policy.c \ $(srcdir)/server_dict.c \ $(srcdir)/svr_iters.c \ $(srcdir)/svr_chpass_util.c \ - $(srcdir)/adb_xdr.c \ - $(srcdir)/adb_policy.c \ - $(srcdir)/adb_free.c \ - $(srcdir)/adb_openclose.c + $(srcdir)/adb_xdr.c OBJS = svr_policy.$(OBJEXT) \ svr_principal.$(OBJEXT) \ @@ -49,10 +46,7 @@ OBJS = svr_policy.$(OBJEXT) \ server_dict.$(OBJEXT) \ svr_iters.$(OBJEXT) \ svr_chpass_util.$(OBJEXT) \ - adb_xdr.$(OBJEXT) \ - adb_policy.$(OBJEXT) \ - adb_free.$(OBJEXT) \ - adb_openclose.$(OBJEXT) + adb_xdr.$(OBJEXT) STLIBOBJS = \ svr_policy.o \ @@ -64,10 +58,7 @@ STLIBOBJS = \ server_dict.o \ svr_iters.o \ svr_chpass_util.o \ - adb_xdr.o \ - adb_policy.o \ - adb_free.o \ - adb_openclose.o + adb_xdr.o all-unix:: includes all-unix:: all-liblinks @@ -115,10 +106,8 @@ svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ svr_principal.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -133,10 +122,8 @@ svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ server_acl.c $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(SRCTOP)/include/k5-int.h \ @@ -154,9 +141,8 @@ server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(SRCTOP)/include/krb5/adm_proto.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(SRCTOP)/include/krb5/adm_proto.h \ server_acl.h server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ server_kdb.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ @@ -173,10 +159,8 @@ server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \ - $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ server_misc.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ @@ -184,18 +168,17 @@ server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/adb.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/k5-int.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \ $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ server_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -210,10 +193,9 @@ server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ server_dict.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -228,11 +210,9 @@ server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \ - $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \ + $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ svr_iters.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -247,10 +227,8 @@ svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ svr_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -265,10 +243,9 @@ svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -276,65 +253,14 @@ adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \ $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/adb.h \ + $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/server_internal.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h -adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \ - adb_policy.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h -adb_free.so adb_free.po $(OUTPRE)adb_free.$(OBJEXT): \ - adb_free.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h -adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \ - adb_openclose.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h diff --git a/src/lib/kadm5/srv/adb_free.c b/src/lib/kadm5/srv/adb_free.c deleted file mode 100644 index cfc107d06..000000000 --- a/src/lib/kadm5/srv/adb_free.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved - * - * $Header$ - * - * $Log$ - * Revision 1.3 2000/06/01 02:02:03 tritan - * Check for existance of . - * (from Nathan Neulinger ) - * - * Revision 1.2 1996/10/18 19:45:49 bjaspan - * * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c: - * include stdlib.h instead of malloc.h [krb5-admin/35] - * - * Revision 1.1 1996/07/24 22:23:09 tlyu - * * Makefile.in, configure.in: break out server lib into a - * subdirectory - * - * Revision 1.8 1996/07/22 20:35:16 marc - * this commit includes all the changes on the OV_9510_INTEGRATION and - * OV_MERGE branches. This includes, but is not limited to, the new openvision - * admin system, and major changes to gssapi to add functionality, and bring - * the implementation in line with rfc1964. before committing, the - * code was built and tested for netbsd and solaris. - * - * Revision 1.7.4.1 1996/07/18 03:08:07 marc - * merged in changes from OV_9510_BP to OV_9510_FINAL1 - * - * Revision 1.7.2.1 1996/06/20 02:16:25 marc - * File added to the repository on a branch - * - * Revision 1.7 1996/05/12 06:21:57 marc - * don't use for "internal header files" - * - * Revision 1.6 1993/12/13 21:15:56 shanzer - * fixed memory leak - * ., - * - * Revision 1.5 1993/12/06 22:20:37 marc - * fixup free functions to use xdr to free the underlying struct - * - * Revision 1.4 1993/11/15 00:29:46 shanzer - * check to make sure pointers are somewhat vaid before freeing. - * - * Revision 1.3 1993/11/09 04:02:24 shanzer - * added some includefiles - * changed bzero to memset - * - * Revision 1.2 1993/11/04 01:54:24 shanzer - * added rcs header .. - * - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include "adb.h" -#ifdef HAVE_MEMORY_H -#include -#endif -#include - -void -osa_free_princ_ent(osa_princ_ent_t val) -{ - XDR xdrs; - - xdrmem_create(&xdrs, NULL, 0, XDR_FREE); - - xdr_osa_princ_ent_rec(&xdrs, val); - free(val); -} - -void -osa_free_policy_ent(osa_policy_ent_t val) -{ - XDR xdrs; - - xdrmem_create(&xdrs, NULL, 0, XDR_FREE); - - xdr_osa_policy_ent_rec(&xdrs, val); - free(val); -} - diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c index 757cf92e5..d5d17062a 100644 --- a/src/lib/kadm5/srv/adb_xdr.c +++ b/src/lib/kadm5/srv/adb_xdr.c @@ -11,7 +11,7 @@ static char *rcsid = "$Header$"; #include #include #include -#include "adb.h" +#include "server_internal.h" #include "admin_xdr.h" #ifdef HAVE_MEMORY_H #include @@ -97,38 +97,14 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp) return (TRUE); } -bool_t -xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp) +void +osa_free_princ_ent(osa_princ_ent_t val) { - switch (xdrs->x_op) { - case XDR_ENCODE: - objp->version = OSA_ADB_POLICY_VERSION_1; - /* fall through */ - case XDR_FREE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - break; - case XDR_DECODE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - if (objp->version != OSA_ADB_POLICY_VERSION_1) - return FALSE; - break; - } - - if(!xdr_nullstring(xdrs, &objp->name)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_life)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_max_life)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_length)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_classes)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_history_num)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->policy_refcnt)) - return (FALSE); - return (TRUE); + XDR xdrs; + + xdrmem_create(&xdrs, NULL, 0, XDR_FREE); + + xdr_osa_princ_ent_rec(&xdrs, val); + free(val); } + diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index dc3526a72..a5369298a 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -33,15 +33,70 @@ static int check_handle(void *handle) return 0; } +static int dup_db_args( kadm5_server_handle_t handle, char **db_args ) +{ + int count = 0; + int ret = 0; + + for( count=0; db_args && db_args[count]; count++ ); + if( count == 0 ) + { + handle->db_args = NULL; + goto clean_n_exit; + } + + handle->db_args = calloc(sizeof(char*), count+1); + if( handle->db_args == NULL ) + { + ret=ENOMEM; + goto clean_n_exit; + } + + for(count=0; db_args[count]; count++) + { + handle->db_args[count] = strdup(db_args[count]); + if( handle->db_args[count] == NULL ) + { + ret = ENOMEM; + goto clean_n_exit; + } + } + + clean_n_exit: + if( ret && handle->db_args ) + { + for(count=0; handle->db_args[count]; count++ ) + free( handle->db_args[count] ); + + free(handle->db_args), handle->db_args = NULL; + } + + return ret; +} + +static void free_db_args(kadm5_server_handle_t handle) +{ + int count; + + if( handle->db_args ) + { + for(count=0; handle->db_args[count]; count++ ) + free( handle->db_args[count] ); + + free(handle->db_args), handle->db_args = NULL; + } +} + kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init(client_name, pass, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -51,6 +106,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { /* @@ -64,7 +120,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; return kadm5_init(client_name, NULL, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -74,6 +130,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { /* @@ -87,7 +144,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; return kadm5_init(client_name, NULL, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -96,6 +153,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, kadm5_config_params *params_in, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { int ret; @@ -112,14 +170,22 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ENOMEM; memset(handle, 0, sizeof(*handle)); + ret = dup_db_args( handle, db_args ); + if( ret ) + { + free(handle); + return ret; + } + ret = (int) krb5_init_context(&(handle->context)); if (ret) { + free_db_args(handle); free(handle); return(ret); } initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); handle->magic_number = KADM5_SERVER_HANDLE_MAGIC; @@ -153,6 +219,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER) if (params_in && (params_in->mask & ILLEGAL_PARAMS)) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return KADM5_BAD_SERVER_PARAMS; } @@ -162,6 +229,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, &handle->params); if (ret) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return(ret); } @@ -176,24 +244,24 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return KADM5_MISSING_CONF_PARAMS; } - /* - * Set the db_name based on configuration before calling - * krb5_db_init, so it will get used. - */ - - ret = krb5_db_set_name(handle->context, handle->params.dbname); - if (ret) { - free(handle); - return(ret); - } + ret = krb5_set_default_realm(handle->context, handle->params.realm); + if( ret ) + { + krb5_free_context(handle->context); + free_db_args(handle); + free(handle); + return ret; + } - ret = krb5_db_init(handle->context); + ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW); if (ret) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return(ret); } @@ -202,6 +270,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, &handle->current_caller))) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } @@ -209,6 +278,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (! (handle->lhandle = malloc(sizeof(*handle)))) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ENOMEM; } @@ -220,6 +290,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, /* can't check the handle until current_caller is set */ ret = check_handle((void *) handle); if (ret) { + free_db_args(handle); free(handle); return ret; } @@ -250,6 +321,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (ret) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } @@ -258,6 +330,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (ret) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } @@ -267,20 +340,11 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } - ret = adb_policy_init(handle); - if (ret) { - krb5_db_fini(handle->context); - krb5_free_principal(handle->context, handle->current_caller); - krb5_free_context(handle->context); - free(handle); - return ret; - } - handle->lhandle->policy_db = handle->policy_db; - *server_handle = (void *) handle; return KADM5_OK; @@ -301,6 +365,7 @@ kadm5_ret_t kadm5_destroy(void *server_handle) krb5_free_context(handle->context); handle->magic_number = 0; free(handle->lhandle); + free_db_args(handle); free(handle); return KADM5_OK; @@ -312,10 +377,7 @@ kadm5_ret_t kadm5_lock(void *server_handle) kadm5_ret_t ret; CHECK_HANDLE(server_handle); - ret = osa_adb_open_and_lock(handle->policy_db, OSA_ADB_EXCLUSIVE); - if (ret) - return ret; - ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE); + ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE); if (ret) return ret; @@ -328,9 +390,6 @@ kadm5_ret_t kadm5_unlock(void *server_handle) kadm5_ret_t ret; CHECK_HANDLE(server_handle); - ret = osa_adb_close_and_unlock(handle->policy_db); - if (ret) - return ret; ret = krb5_db_unlock(handle->context); if (ret) return ret; @@ -346,13 +405,7 @@ kadm5_ret_t kadm5_flush(void *server_handle) CHECK_HANDLE(server_handle); if ((ret = krb5_db_fini(handle->context)) || - /* - * Set the db_name based on configuration before calling - * krb5_db_init, so it will get used. - */ - (ret = krb5_db_set_name(handle->context, - handle->params.dbname)) || - (ret = krb5_db_init(handle->context)) || + (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) || (ret = adb_policy_close(handle)) || (ret = adb_policy_init(handle))) { (void) kadm5_destroy(server_handle); diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 97d38c7b6..6392ef10d 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -42,7 +42,7 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, } else { realm = r; } - + if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) @@ -60,9 +60,6 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, if (ret) goto done; - if ((ret = krb5_db_init(handle->context)) != KSUCCESS) - goto done; - if ((ret = krb5_db_verify_master_key(handle->context, master_princ, &master_keyblock))) { krb5_db_fini(handle->context); @@ -264,7 +261,7 @@ kdb_get_entry(kadm5_server_handle_t handle, if (! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); krb5_db_free_principal(handle->context, kdb, 1); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } xdr_destroy(&xdrs); } @@ -346,7 +343,7 @@ kdb_put_entry(kadm5_server_handle_t handle, xdralloc_create(&xdrs, XDR_ENCODE); if(! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); @@ -395,7 +392,7 @@ kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb) } krb5_error_code -kdb_iter_entry(kadm5_server_handle_t handle, +kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry, void (*iter_fct)(void *, krb5_principal), void *data) { iter_data id; @@ -404,11 +401,10 @@ kdb_iter_entry(kadm5_server_handle_t handle, id.func = iter_fct; id.data = data; - ret = krb5_db_iterate(handle->context, kdb_iter_func, &id); + ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id); if (ret) return(ret); return(0); } - diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c index 02c7dced6..4f15fd3b2 100644 --- a/src/lib/kadm5/srv/server_misc.c +++ b/src/lib/kadm5/srv/server_misc.c @@ -11,7 +11,6 @@ static char *rcsid = "$Header$"; #include "k5-int.h" #include #include -#include "adb.h" #include /* for strcasecmp */ @@ -22,22 +21,17 @@ static char *rcsid = "$Header$"; kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle) { - osa_adb_ret_t ret; - if(handle->policy_db == (osa_adb_policy_t) NULL) - if((ret = osa_adb_open_policy(&handle->policy_db, - &handle->params)) != OSA_ADB_OK) - return ret; - return KADM5_OK; + /* now policy is initialized as part of database. No seperate call needed */ + if( krb5_db_inited( handle->context ) ) + return KADM5_OK; + + return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW ); } kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle) { - osa_adb_ret_t ret; - if(handle->policy_db != (osa_adb_policy_t) NULL) - if((ret = osa_adb_close_policy(handle->policy_db)) != OSA_ADB_OK) - return ret; - handle->policy_db = NULL; + /* will be taken care by database close */ return KADM5_OK; } @@ -185,3 +179,4 @@ passwd_check(kadm5_server_handle_t handle, } return KADM5_OK; } + diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c index 8c04d7857..ea1ee27cc 100644 --- a/src/lib/kadm5/srv/svr_iters.c +++ b/src/lib/kadm5/srv/svr_iters.c @@ -21,7 +21,6 @@ static char *rcsid = "$Header$"; #include #include #include -#include "adb.h" #ifdef SOLARIS_REGEXPS #include #endif @@ -230,18 +229,18 @@ static kadm5_ret_t kadm5_get_either(int princ, if (princ) { data.context = handle->context; - ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data); + ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data); } else { - ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data); + ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data); } free(regexp); #ifdef POSIX_REGEXPS regfree(&data.preg); #endif - if (ret == OSA_ADB_OK && data.malloc_failed) + if ( !ret && data.malloc_failed) ret = ENOMEM; - if (ret != OSA_ADB_OK) { + if ( ret ) { for (i = 0; i < data.n_names; i++) free(data.names[i]); free(data.names); diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index d03cfd0b6..24398c1f4 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -10,7 +10,6 @@ static char *rcsid = "$Header$"; #include #include -#include "adb.h" #include "server_internal.h" #include @@ -47,6 +46,8 @@ kadm5_create_policy(void *server_handle, { CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; else @@ -139,10 +140,10 @@ kadm5_create_policy_internal(void *server_handle, pent.policy_refcnt = 0; else pent.policy_refcnt = entry->policy_refcnt; - if ((ret = osa_adb_create_policy(handle->policy_db, &pent)) == OSA_ADB_OK) - return KADM5_OK; - else + if ((ret = krb5_db_create_policy(handle->context, &pent))) return ret; + else + return KADM5_OK; } kadm5_ret_t @@ -151,24 +152,30 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) kadm5_server_handle_t handle = server_handle; osa_policy_ent_t entry; int ret; + int cnt=1; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if(name == (kadm5_policy_t) NULL) return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - if ((ret = osa_adb_get_policy(handle->policy_db, name, &entry)) != OSA_ADB_OK) + if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt))) return ret; + if( cnt != 1 ) + return KADM5_UNK_POLICY; + if(entry->policy_refcnt != 0) { - osa_free_policy_ent(entry); + krb5_db_free_policy(handle->context, entry); return KADM5_POLICY_REF; } - osa_free_policy_ent(entry); - if ((ret = osa_adb_destroy_policy(handle->policy_db, name)) == OSA_ADB_OK) - return KADM5_OK; - else + krb5_db_free_policy(handle->context, entry); + if ((ret = krb5_db_delete_policy(handle->context, name))) return ret; + else + return KADM5_OK; } kadm5_ret_t @@ -177,6 +184,8 @@ kadm5_modify_policy(void *server_handle, { CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; else @@ -190,6 +199,7 @@ kadm5_modify_policy_internal(void *server_handle, kadm5_server_handle_t handle = server_handle; osa_policy_ent_t p; int ret; + int cnt=1; CHECK_HANDLE(server_handle); @@ -200,26 +210,22 @@ kadm5_modify_policy_internal(void *server_handle, if((mask & KADM5_POLICY)) return KADM5_BAD_MASK; - switch ((ret = osa_adb_get_policy(handle->policy_db, entry->policy, &p))) { - case OSA_ADB_OK: - break; - case OSA_ADB_NOENT: + ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt); + if( ret && (cnt==0) ) return KADM5_UNK_POLICY; - default: - break; - } + if ((mask & KADM5_PW_MAX_LIFE)) p->pw_max_life = entry->pw_max_life; if ((mask & KADM5_PW_MIN_LIFE)) { if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_MIN_PASS_LIFE; } p->pw_min_life = entry->pw_min_life; } if ((mask & KADM5_PW_MIN_LENGTH)) { if(entry->pw_min_length < MIN_PW_LENGTH) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_LENGTH; } p->pw_min_length = entry->pw_min_length; @@ -227,7 +233,7 @@ kadm5_modify_policy_internal(void *server_handle, if ((mask & KADM5_PW_MIN_CLASSES)) { if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_CLASS; } p->pw_min_classes = entry->pw_min_classes; @@ -235,22 +241,15 @@ kadm5_modify_policy_internal(void *server_handle, if ((mask & KADM5_PW_HISTORY_NUM)) { if(entry->pw_history_num < MIN_PW_HISTORY || entry->pw_history_num > MAX_PW_HISTORY) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_HISTORY; } p->pw_history_num = entry->pw_history_num; } if ((mask & KADM5_REF_COUNT)) p->policy_refcnt = entry->policy_refcnt; - switch ((ret = osa_adb_put_policy(handle->policy_db, p))) { - case OSA_ADB_OK: - ret = KADM5_OK; - break; - case OSA_ADB_NOENT: /* this should not happen here ... */ - ret = KADM5_UNK_POLICY; - break; - } - osa_free_policy_ent(p); + ret = krb5_db_put_policy(handle->context, p); + krb5_db_free_policy(handle->context, p); return ret; } @@ -262,9 +261,12 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, kadm5_policy_ent_rec entry_local, **entry_orig, *new; int ret; kadm5_server_handle_t handle = server_handle; + int cnt=1; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * In version 1, entry is a pointer to a kadm5_policy_ent_t that * should be filled with allocated memory. @@ -279,16 +281,14 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - switch((ret = osa_adb_get_policy(handle->policy_db, name, &t))) { - case OSA_ADB_OK: - break; - case OSA_ADB_NOENT: - return KADM5_UNK_POLICY; - default: + if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt))) return ret; - } + + if( cnt != 1 ) + return KADM5_UNK_POLICY; + if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) { - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); return ENOMEM; } strcpy(entry->policy, t->name); @@ -298,13 +298,13 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, entry->pw_min_classes = t->pw_min_classes; entry->pw_history_num = t->pw_history_num; entry->policy_refcnt = t->policy_refcnt; - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); if (handle->api_version == KADM5_API_VERSION_1) { new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec)); if (new == NULL) { free(entry->policy); - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); return ENOMEM; } *new = *entry; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 7dc2d8f6b..f1a0717e9 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -11,7 +11,6 @@ static char *rcsid = "$Header$"; #include #include #include -#include "adb.h" #include "k5-int.h" #include #include @@ -35,6 +34,79 @@ static int decrypt_key_data(krb5_context context, int n_key_data, krb5_key_data *key_data, krb5_keyblock **keyblocks, int *n_keys); +static krb5_error_code +kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) +{ + register krb5_principal tempprinc; + register int i, nelems; + + tempprinc = (krb5_principal)krb5_db_alloc(context, NULL, sizeof(krb5_principal_data)); + + if (tempprinc == 0) + return ENOMEM; + + memcpy(tempprinc, inprinc, sizeof(krb5_principal_data)); + + nelems = (int) krb5_princ_size(context, inprinc); + tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data)); + + if (tempprinc->data == 0) { + krb5_db_free(context, (char *)tempprinc); + return ENOMEM; + } + + for (i = 0; i < nelems; i++) { + unsigned int len = krb5_princ_component(context, inprinc, i)->length; + krb5_princ_component(context, tempprinc, i)->length = len; + if (((krb5_princ_component(context, tempprinc, i)->data = + krb5_db_alloc(context, NULL, len)) == 0) && len) { + while (--i >= 0) + krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data); + krb5_db_free (context, tempprinc->data); + krb5_db_free (context, tempprinc); + return ENOMEM; + } + if (len) + memcpy(krb5_princ_component(context, tempprinc, i)->data, + krb5_princ_component(context, inprinc, i)->data, len); + } + + tempprinc->realm.data = + krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length); + if (!tempprinc->realm.data && tempprinc->realm.length) { + for (i = 0; i < nelems; i++) + krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data); + krb5_db_free(context, tempprinc->data); + krb5_db_free(context, tempprinc); + return ENOMEM; + } + if (tempprinc->realm.length) + memcpy(tempprinc->realm.data, inprinc->realm.data, + inprinc->realm.length); + + *outprinc = tempprinc; + return 0; +} + +static void +kadm5_free_principal(krb5_context context, krb5_principal val) +{ + register krb5_int32 i; + + if (!val) + return; + + if (val->data) { + i = krb5_princ_size(context, val); + while(--i >= 0) + krb5_db_free(context, krb5_princ_component(context, val, i)->data); + krb5_db_free(context, val->data); + } + if (val->realm.data) + krb5_db_free(context, val->realm.data); + krb5_db_free(context, val); +} + /* * XXX Functions that ought to be in libkrb5.a, but aren't. */ @@ -98,8 +170,8 @@ static void cleanup_key_data(context, count, data) for (i = 0; i < count; i++) for (j = 0; j < data[i].key_data_ver; j++) if (data[i].key_data_length[j]) - free(data[i].key_data_contents[j]); - free(data); + krb5_db_free(context, data[i].key_data_contents[j]); + krb5_db_free(context, data); } kadm5_ret_t @@ -127,6 +199,8 @@ kadm5_create_principal_3(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * Argument sanity checking, and opening up the DB */ @@ -231,20 +305,37 @@ kadm5_create_principal_3(void *server_handle, to free the entire kdb entry, and that will try to free the principal. */ - if ((ret = krb5_copy_principal(handle->context, - entry->principal, &(kdb.princ)))) { + if ((ret = kadm5_copy_principal(handle->context, + entry->principal, &(kdb.princ)))) { if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } + if (mask & KADM5_TL_DATA) { + /* splice entry->tl_data onto the front of kdb.tl_data */ + tl_data_orig = kdb.tl_data; + for (tl_data_tail = entry->tl_data; tl_data_tail; + tl_data_tail = tl_data_tail->tl_data_next) + { + ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail); + if( ret ) + { + krb5_db_free_principal(handle->context, &kdb, 1); + if (mask & KADM5_POLICY) + (void) kadm5_free_policy_ent(handle->lhandle, &polent); + return ret; + } + } + } + /* initialize the keys */ if ((ret = krb5_dbe_cpw(handle->context, &master_keyblock, @@ -253,7 +344,7 @@ kadm5_create_principal_3(void *server_handle, password, (mask & KADM5_KVNO)?entry->kvno:1, FALSE, &kdb))) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); @@ -282,33 +373,17 @@ kadm5_create_principal_3(void *server_handle, if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent, KADM5_REF_COUNT)) != KADM5_OK) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } } - if (mask & KADM5_TL_DATA) { - /* splice entry->tl_data onto the front of kdb.tl_data */ - tl_data_orig = kdb.tl_data; - for (tl_data_tail = entry->tl_data; tl_data_tail->tl_data_next; - tl_data_tail = tl_data_tail->tl_data_next) - ; - tl_data_tail->tl_data_next = kdb.tl_data; - kdb.tl_data = entry->tl_data; - } - /* store the new db entry */ ret = kdb_put_entry(handle, &kdb, &adb); - if (mask & KADM5_TL_DATA) { - /* remove entry->tl_data from the front of kdb.tl_data */ - tl_data_tail->tl_data_next = NULL; - kdb.tl_data = tl_data_orig; - } - - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (ret) { if ((mask & KADM5_POLICY)) { @@ -346,6 +421,8 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (principal == NULL) return EINVAL; @@ -392,6 +469,8 @@ kadm5_modify_principal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || @@ -534,34 +613,18 @@ kadm5_modify_principal(void *server_handle, } if (mask & KADM5_TL_DATA) { - krb5_tl_data *tl, *tl2; - /* - * Replace kdb.tl_data with what was passed in. The - * KRB5_TL_KADM_DATA will be re-added (based on adb) by - * kdb_put_entry, below. - * - * Note that we have to duplicate the passed in tl_data - * before adding it to kdb. The reason is that kdb_put_entry - * will add its own tl_data entries that we will need to - * free, but we cannot free the caller's tl_data (an - * alternative would be to scan the tl_data after put_entry - * and only free those entries that were not passed in). - */ - while (kdb.tl_data) { - tl = kdb.tl_data->tl_data_next; - free(kdb.tl_data->tl_data_contents); - free(kdb.tl_data); - kdb.tl_data = tl; - } + krb5_tl_data *tl; + + /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */ - kdb.n_tl_data = entry->n_tl_data; - kdb.tl_data = NULL; - tl2 = entry->tl_data; - while (tl2) { - tl = dup_tl_data(tl2); - tl->tl_data_next = kdb.tl_data; - kdb.tl_data = tl; - tl2 = tl2->tl_data_next; + for (tl = entry->tl_data; tl; + tl = tl->tl_data_next) + { + ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl); + if( ret ) + { + goto done; + } } } @@ -593,6 +656,8 @@ kadm5_rename_principal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (source == NULL || target == NULL) return EINVAL; @@ -614,8 +679,8 @@ kadm5_rename_principal(void *server_handle, } } - krb5_free_principal(handle->context, kdb.princ); - ret = krb5_copy_principal(handle->context, target, &kdb.princ); + kadm5_free_principal(handle->context, kdb.princ); + ret = kadm5_copy_principal(handle->context, target, &kdb.princ); if (ret) { kdb.princ = NULL; /* so freeing the dbe doesn't lose */ goto done; @@ -638,7 +703,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, { krb5_db_entry kdb; osa_princ_ent_rec adb; - osa_adb_ret_t ret = 0; + krb5_error_code ret = 0; long mask; int i; kadm5_server_handle_t handle = server_handle; @@ -646,6 +711,8 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * In version 1, all the defined fields are always returned. * entry is a pointer to a kadm5_principal_ent_t_v1 that should be @@ -1222,6 +1289,8 @@ kadm5_chpass_principal_3(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + hist_added = 0; memset(&hist, 0, sizeof(hist)); @@ -1373,7 +1442,7 @@ done: free_history_entry(handle->context, &hist); kdb_free_entry(handle, &kdb, &adb); kdb_free_entry(handle, &kdb_save, NULL); - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol)) && !ret) @@ -1409,6 +1478,8 @@ kadm5_randkey_principal_3(void *server_handle, int ret, last_pwd, have_pol = 0; kadm5_server_handle_t handle = server_handle; + krb5_db_clr_error(); + if (keyblocks) *keyblocks = NULL; @@ -1538,11 +1609,16 @@ kadm5_setv4key_principal(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; krb5_keysalt keysalt; - int i, kvno, ret, have_pol = 0; + int i, k, kvno, ret, have_pol = 0; #if 0 int last_pwd; #endif kadm5_server_handle_t handle = server_handle; + krb5_key_data tmp_key_data; + + krb5_db_clr_error(); + + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); CHECK_HANDLE(server_handle); @@ -1566,7 +1642,7 @@ kadm5_setv4key_principal(void *server_handle, if (kdb.key_data != NULL) cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); - kdb.key_data = (krb5_key_data*)malloc(sizeof(krb5_key_data)); + kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data)); if (kdb.key_data == NULL) return ENOMEM; memset(kdb.key_data, 0, sizeof(krb5_key_data)); @@ -1576,13 +1652,39 @@ kadm5_setv4key_principal(void *server_handle, keysalt.data.length = 0; keysalt.data.data = NULL; + /* use tmp_key_data as temporary location and reallocate later */ ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock, keyblock, &keysalt, kvno + 1, - kdb.key_data); + &tmp_key_data); if (ret) { goto done; } + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k]; + kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); + if( kdb.key_data->key_data_contents[k] == NULL ) + { + cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); + kdb.key_data = NULL; + kdb.n_key_data = 0; + ret = ENOMEM; + goto done; + } + memcpy( kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } + } + + + kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); @@ -1646,6 +1748,15 @@ kadm5_setv4key_principal(void *server_handle, ret = KADM5_OK; done: + for( i = 0; i < tmp_key_data.key_data_ver; i++ ) + { + if( tmp_key_data.key_data_contents[i] ) + { + memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]); + free( tmp_key_data.key_data_contents[i] ); + } + } + kdb_free_entry(handle, &kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); @@ -1679,16 +1790,20 @@ kadm5_setkey_principal_3(void *server_handle, kadm5_policy_ent_rec pol; krb5_key_data *old_key_data; int n_old_keys; - int i, j, kvno, ret, have_pol = 0; + int i, j, k, kvno, ret, have_pol = 0; #if 0 int last_pwd; #endif kadm5_server_handle_t handle = server_handle; krb5_boolean similar; krb5_keysalt keysalt; + krb5_key_data tmp_key_data; + krb5_key_data *tptr; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (principal == NULL || keyblocks == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */ @@ -1733,10 +1848,14 @@ kadm5_setkey_principal_3(void *server_handle, old_key_data = NULL; } - kdb.key_data = (krb5_key_data*)malloc((n_keys+n_old_keys) - *sizeof(krb5_key_data)); + kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys) + *sizeof(krb5_key_data)); if (kdb.key_data == NULL) - return ENOMEM; + { + ret= ENOMEM; + goto done; + } + memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data)); kdb.n_key_data = 0; @@ -1746,20 +1865,50 @@ kadm5_setkey_principal_3(void *server_handle, keysalt.data.length = 0; keysalt.data.data = NULL; if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) { - cleanup_key_data(handle->context, kdb.n_key_data, - kdb.key_data); - return KADM5_SETKEY3_ETYPE_MISMATCH; + ret= KADM5_SETKEY3_ETYPE_MISMATCH; + goto done; } } + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); + ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock, &keyblocks[i], n_ks_tuple ? &keysalt : NULL, kvno + 1, - &kdb.key_data[i]); + &tmp_key_data); if (ret) { - cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); - return ret; + goto done; + } + tptr = &kdb.key_data[i]; + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + tptr->key_data_type[k] = tmp_key_data.key_data_type[k]; + tptr->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); + if( tptr->key_data_contents[k] == NULL ) + { + int i1; + for( i1 = k; i1 < tmp_key_data.key_data_ver; i1++ ) + { + if( tmp_key_data.key_data_contents[i1] ) + { + memset( tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]); + free( tmp_key_data.key_data_contents[i1] ); + } + } + + ret = ENOMEM; + goto done; + } + memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } } kdb.n_key_data++; } @@ -1770,6 +1919,10 @@ kadm5_setkey_principal_3(void *server_handle, memset(&old_key_data[i], 0, sizeof (krb5_key_data)); kdb.n_key_data++; } + + if( old_key_data ) + krb5_db_free(handle->context, old_key_data); + /* assert(kdb.n_key_data == n_keys + n_old_keys) */ kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; @@ -1862,6 +2015,14 @@ static int decrypt_key_data(krb5_context context, &key_data[i], &keys[i], NULL); if (ret) { + for(; i >= 0; i-- ) + { + if( keys[i].contents ) + { + memset( keys[i].contents, 0, keys[i].length ); + free( keys[i].contents ); + } + } memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); free(keys); @@ -1946,3 +2107,4 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, return KADM5_OK; } + diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index 4b0777e89..67c82bcd3 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -1,3 +1,15 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * destroy-test.c: + * handle-test.c: + * init-test.c: + * iter-test.c: + * lock-test.c: + * randkey-test.c: + * setkey-test.c: + 2005-02-10 Tom Yu * api.2/init-v2.exp: Handle improved error codes from diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 5d4fc1f70..242e9c256 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -5,6 +5,7 @@ BUILDTOP=$(REL)..$(S)..$(S).. DEFINES = -DUSE_KADM5_API_VERSION=1 PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread all:: init-test destroy-test client-handle-test client-iter-test all:: randkey-test server-handle-test lock-test server-iter-test @@ -40,26 +41,26 @@ client-setkey-test: setkey-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) randkey-test: randkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o randkey-test randkey-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) server-handle-test: handle-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-handle-test handle-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) lock-test: lock-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o lock-test lock-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-iter-test iter-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-setkey-test setkey-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) # # The unit-test targets diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c index 02bfb7ec9..6d7435c45 100644 --- a/src/lib/kadm5/unit-test/destroy-test.c +++ b/src/lib/kadm5/unit-test/destroy-test.c @@ -22,7 +22,7 @@ int main() for(x = 0; x < TEST_NUM; x++) { ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c index aa71df483..6743e6e8e 100644 --- a/src/lib/kadm5/unit-test/handle-test.c +++ b/src/lib/kadm5/unit-test/handle-test.c @@ -25,7 +25,7 @@ int main(int argc, char *argv[]) krb5_init_context(&context); ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0, - OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c index 86b356686..9677698a7 100644 --- a/src/lib/kadm5/unit-test/init-test.c +++ b/src/lib/kadm5/unit-test/init-test.c @@ -14,7 +14,7 @@ int main() memset(¶ms, 0, sizeof(params)); params.mask |= KADM5_CONFIG_NO_AUTH; ret = kadm5_init("admin", "admin", NULL, ¶ms, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if (ret == KADM5_RPC_ERROR) exit(0); diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c index 4c85fe763..4b85a5490 100644 --- a/src/lib/kadm5/unit-test/iter-test.c +++ b/src/lib/kadm5/unit-test/iter-test.c @@ -16,7 +16,7 @@ int main(int argc, char **argv) ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if (ret != OVSEC_KADM_OK) { com_err("iter-test", ret, "while initializing"); diff --git a/src/lib/kadm5/unit-test/lock-test.c b/src/lib/kadm5/unit-test/lock-test.c index 256954c85..24ff74a91 100644 --- a/src/lib/kadm5/unit-test/lock-test.c +++ b/src/lib/kadm5/unit-test/lock-test.c @@ -6,7 +6,7 @@ #include #include #include -#include +#include char *whoami; @@ -20,8 +20,7 @@ static void usage() int main(int argc, char **argv) { - osa_adb_ret_t ret; - osa_adb_policy_t policy_db; + krb5_error_code ret; osa_policy_ent_t entry; krb5_context context; kadm5_config_params params; @@ -36,7 +35,7 @@ int main(int argc, char **argv) } initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); params.mask = 0; @@ -52,8 +51,8 @@ int main(int argc, char **argv) exit(1); } - ret = osa_adb_open_policy(&policy_db, ¶ms); - if (ret != OSA_ADB_OK) { + ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW); + if (ret) { com_err(whoami, ret, "while opening database"); exit(1); } @@ -61,38 +60,39 @@ int main(int argc, char **argv) argc--; argv++; while (argc) { if (strcmp(*argv, "shared") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_SHARED); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED); + if (ret) com_err(whoami, ret, "while getting shared lock"); else printf("shared\n"); } else if (strcmp(*argv, "exclusive") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_EXCLUSIVE); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); + if (ret) com_err(whoami, ret, "while getting exclusive lock"); else printf("exclusive\n"); } else if (strcmp(*argv, "permanent") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_PERMANENT); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); + if (ret) com_err(whoami, ret, "while getting permanent lock"); else printf("permanent\n"); } else if (strcmp(*argv, "release") == 0) { - ret = osa_adb_release_lock(policy_db); - if (ret != OSA_ADB_OK) + ret = krb5_db_unlock(context); + if (ret) com_err(whoami, ret, "while releasing lock"); else printf("released\n"); } else if (strcmp(*argv, "get") == 0) { + int cnt = 1; argc--; argv++; if (!argc) usage(); - if ((ret = osa_adb_get_policy(policy_db, *argv, - &entry)) != OSA_ADB_OK) { + if ((ret = krb5_db_get_policy(context, *argv, + &entry, &cnt)) ) { com_err(whoami, ret, "while getting policy"); } else { printf("retrieved\n"); - osa_free_policy_ent(entry); + krb5_db_free_policy(context, entry); } } else if (strcmp(*argv, "wait") == 0) { getchar(); @@ -105,8 +105,8 @@ int main(int argc, char **argv) argc--; argv++; } - ret = osa_adb_close_policy(policy_db); - if (ret != OSA_ADB_OK) { + ret = krb5_db_fini(context); + if (ret) { com_err(whoami, ret, "while closing database"); exit(1); } diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c index cddc165df..5722302de 100644 --- a/src/lib/kadm5/unit-test/randkey-test.c +++ b/src/lib/kadm5/unit-test/randkey-test.c @@ -23,7 +23,7 @@ int main() krb5_parse_name(context, "testuser", &tprinc); ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c index 5b791d8f3..af78114de 100644 --- a/src/lib/kadm5/unit-test/setkey-test.c +++ b/src/lib/kadm5/unit-test/setkey-test.c @@ -119,7 +119,7 @@ main(int argc, char **argv) } ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &handle); if (ret) { com_err(whoami, ret, "while initializing connection"); diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 99e6b58ca..740cef026 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,30 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * adb_err.et: + * configure.in: + * decrypt_key.c: + * encrypt_key.c: + * err_handle.c: + * err_handle.h: + * fetch_mkey.c: + * kdb5.c: + * kdb5.h: + * kdb_compat.h: + * kdb_cpw.c: + * kdb_db2.c: + * kdb_db2.h: + * kdb_default.c: + * kdb_xdr.c: + * keytab.c: + * libkrb5.exports: + * setup_mkey.c: + * store_mkey.c: + * t_kdb.c: + * t_krb5.conf: + * verify_mky.c: + 2005-06-09 Ken Raeburn * kdb_dbm.c: Unused file deleted. diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in index 396ce1ef4..84c94c2f5 100644 --- a/src/lib/kdb/Makefile.in +++ b/src/lib/kdb/Makefile.in @@ -6,6 +6,8 @@ KRB5_RUN_ENV = @KRB5_RUN_ENV@ KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ; PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +CFLAGS=@CFLAGS@ -DKDB5_USE_LIB_KDB_DB2 +LOCALINCLUDES= -I. LIBBASE=kdb5 LIBMAJOR=4 @@ -29,30 +31,29 @@ DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \ all:: +adb_err.$(OBJEXT): adb_err.c +adb_err.c adb_err.h: $(srcdir)/adb_err.et + SRCS= \ - $(srcdir)/keytab.c \ + $(srcdir)/kdb5.c \ $(srcdir)/encrypt_key.c \ $(srcdir)/decrypt_key.c \ + $(srcdir)/kdb_default.c \ $(srcdir)/kdb_cpw.c \ - $(srcdir)/kdb_db2.c \ - $(srcdir)/kdb_xdr.c \ - $(srcdir)/verify_mky.c \ - $(srcdir)/fetch_mkey.c \ - $(srcdir)/setup_mkey.c \ - $(srcdir)/store_mkey.c + adb_err.c \ + $(srcdir)/err_handle.c \ + $(srcdir)/keytab.c STOBJLISTS=OBJS.ST $(DBOBJLISTS) STLIBOBJS= \ - keytab.o \ + kdb5.o \ encrypt_key.o \ decrypt_key.o \ + kdb_default.o \ kdb_cpw.o \ - kdb_db2.o \ - kdb_xdr.o \ - verify_mky.o \ - fetch_mkey.o \ - setup_mkey.o \ - store_mkey.o + adb_err.o \ + err_handle.o \ + keytab.o all-unix:: all-liblinks install-unix:: install-libs @@ -78,14 +79,14 @@ clean:: # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): keytab.c \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(SRCTOP)/include/krb5/kdb_kt.h $(SRCTOP)/include/krb5/kdb.h +kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): kdb5.c $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/krb5/osconf.h \ + kdb5.h err_handle.h ./adb_err.h encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \ encrypt_key.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ @@ -100,54 +101,35 @@ decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h -kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): kdb_cpw.c \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(SRCTOP)/include/krb5/adm.h -kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): kdb_db2.c \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) kdb_compat.h kdb_db2.h -kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): kdb_xdr.c \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h -verify_mky.so verify_mky.po $(OUTPRE)verify_mky.$(OBJEXT): \ - verify_mky.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ - $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h -fetch_mkey.so fetch_mkey.po $(OUTPRE)fetch_mkey.$(OBJEXT): \ - fetch_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ +kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \ + kdb_default.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h -setup_mkey.so setup_mkey.po $(OUTPRE)setup_mkey.$(OBJEXT): \ - setup_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ +kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): kdb_cpw.c \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h -store_mkey.so store_mkey.po $(OUTPRE)store_mkey.$(OBJEXT): \ - store_mkey.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ +adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): adb_err.c \ + $(COM_ERR_DEPS) +err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \ + err_handle.c err_handle.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h +keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): keytab.c \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(SRCTOP)/include/krb5/kdb_kt.h $(SRCTOP)/include/krb5/kdb.h diff --git a/src/lib/kadm5/adb_err.et b/src/lib/kdb/adb_err.et similarity index 100% rename from src/lib/kadm5/adb_err.et rename to src/lib/kdb/adb_err.et diff --git a/src/lib/kdb/configure.in b/src/lib/kdb/configure.in index dc002d878..4f06b3204 100644 --- a/src/lib/kdb/configure.in +++ b/src/lib/kdb/configure.in @@ -4,6 +4,7 @@ AC_CHECK_HEADERS(unistd.h) AC_TYPE_MODE_T AC_TYPE_OFF_T +AC_CHECK_HEADERS(pthread.h) AC_CHECK_FUNCS(srand48 srand srandom umask) dnl AIX is unusual in that it wants all symbols resolved at link time @@ -19,4 +20,5 @@ dnl The following is for check... KRB5_BUILD_PROGRAM KRB5_BUILD_LIBOBJS KRB5_BUILD_LIBRARY_WITH_DEPS -V5_AC_OUTPUT_MAKEFILE +AC_CONFIG_SUBDIRS(kdb_db2) +V5_AC_OUTPUT_MAKEFILE(. kdb_db2) diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index 765e6f377..53d02ffb7 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -62,12 +62,11 @@ */ krb5_error_code -krb5_dbekd_decrypt_key_data(context, mkey, key_data, dbkey, keysalt) - krb5_context context; - const krb5_keyblock * mkey; - const krb5_key_data * key_data; - krb5_keyblock * dbkey; - krb5_keysalt * keysalt; +krb5_dbekd_decrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) { krb5_error_code retval = 0; krb5_int16 tmplen; diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index aa259f900..13686a4ed 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -62,13 +62,12 @@ */ krb5_error_code -krb5_dbekd_encrypt_key_data(context, mkey, dbkey, keysalt, keyver, key_data) - krb5_context context; - const krb5_keyblock * mkey; - const krb5_keyblock * dbkey; - const krb5_keysalt * keysalt; - int keyver; - krb5_key_data * key_data; +krb5_dbekd_encrypt_key_data( krb5_context context, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) { krb5_error_code retval; krb5_octet * ptr; diff --git a/src/lib/kdb/err_handle.c b/src/lib/kdb/err_handle.c new file mode 100644 index 000000000..7d54441cb --- /dev/null +++ b/src/lib/kdb/err_handle.c @@ -0,0 +1,193 @@ +/********************************************************************** +* +* C %name: err_handle.c % +* Instance: idc_sec_1 +* Description: +* %created_by: spradeep % +* %date_created: Thu Apr 7 14:05:00 2005 % +* +**********************************************************************/ +#ifndef lint +static char *_csrc = "@(#) %filespec: err_handle.c~1 % (%full_filespec: err_handle.c~1:csrc:idc_sec#1 %)"; +#endif + +/* This file should be ideally be in util/et. But, for now thread + safety requirement stops me from putting there. if I do, then all + the applications have to link to pthread. */ + +#ifdef HAVE_PTHREAD_H +#include +#endif +#include "err_handle.h" +#include + +#ifdef NOVELL +krb5_errcode_2_string_func old_error_2_string = NULL; +#endif + +typedef struct { + char krb5_err_str[KRB5_MAX_ERR_STR + 1]; + long err_code; + krb5_err_subsystem subsystem; + krb5_context kcontext; +} krb5_err_struct_t; + +#ifdef HAVE_PTHREAD_H +static void tsd_key_destructor(void *data) +{ + free(data); +} + +static pthread_key_t krb5_err_key; + +static void init_err_handling( void ) +{ + assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor)); +#ifdef NOVELL + old_error_2_string = error_message; + error_message = krb5_get_err_string; +#endif +} + +static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT; + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + int ret; + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct == NULL ) + { + err_struct = calloc(sizeof(krb5_err_struct_t), 1); + if( err_struct == NULL ) + return ENOMEM; + + if((ret = pthread_setspecific(krb5_err_key, err_struct))) + { + free( err_struct ); + return ret; + } + } + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( err_struct->subsystem == krb5_err_have_str ) + { + strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct && (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + if( err_struct && (err_struct->subsystem == krb5_err_db) && (err_code == err_struct->err_code) ) + { + err_struct->subsystem = krb5_err_unknown; + return krb5_db_errcode2string(err_struct->kcontext, err_code); + } + + /* Error strings are not generated here. the remaining two cases are handled by the default error string convertor */ +#ifdef NOVELL + return old_error_2_string(err_code); +#else + return error_message (err_code); +#endif +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct ) + err_struct->subsystem = krb5_err_unknown; +} + +#else +krb5_err_struct_t krb5_err = {{0}, 0, 0, 0}; +krb5_boolean krb5_init_once = TRUE; + +static void init_err_handling( void ) +{ + if( krb5_init_once ) + { + old_error_2_string = error_message; + error_message = krb5_get_err_string; + krb5_init_once = FALSE; + } +} + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( err_struct->subsystem == krb5_err_have_str ) + { + strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + if( (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + if( (err_struct->subsystem == krb5_err_db) && (err_code == err_struct->err_code) ) + { + err_struct->subsystem = krb5_err_unknown; + return krb5_db_errcode2string(err_struct->kcontext, err_code); + } + + /* it is not generated here. the remaining two cases are handled by the default error string convertor */ + return old_error_2_string(err_code); + +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = krb5_err_unknown; +} + + +#endif diff --git a/src/lib/kdb/err_handle.h b/src/lib/kdb/err_handle.h new file mode 100644 index 000000000..e123afc9f --- /dev/null +++ b/src/lib/kdb/err_handle.h @@ -0,0 +1,32 @@ +/********************************************************************** +* +* C Header: err_handle.h +* Instance: idc_sec_1 +* Description: +* %created_by: spradeep % +* %date_created: Thu Apr 7 14:05:33 2005 % +* +**********************************************************************/ +#ifndef _idc_sec_1_err_handle_h_H +#define _idc_sec_1_err_handle_h_H +#include + +/* Everything else goes here */ + +#define KRB5_MAX_ERR_STR 1024 +typedef enum krb5_err_subsystem { krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */ + krb5_err_system, /* error in system call */ + krb5_err_krblib, /* error in kerberos library call, should lookup in the error table */ + krb5_err_have_str, /* error message is available in the string */ + krb5_err_db /* error is a database error, should be handled by calling DB */ +} krb5_err_subsystem; + +typedef krb5_error_code (*krb5_set_err_func_t)( krb5_context, krb5_err_subsystem, long, char*); + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ); + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code); + +void krb5_clr_error(void); + +#endif diff --git a/src/lib/kdb/fetch_mkey.c b/src/lib/kdb/fetch_mkey.c deleted file mode 100644 index 5d63b8c0e..000000000 --- a/src/lib/kdb/fetch_mkey.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - * lib/kdb/fetch_mkey.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_db_fetch_mkey(): - * Fetch a database master key from somewhere. - */ - -/* - * Copyright (C) 1998 by the FundsXpress, INC. - * - * All rights reserved. - * - * Export of this software from the United States of America may require - * a specific license from the United States Government. It is the - * responsibility of any person or organization contemplating export to - * obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of FundsXpress. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. FundsXpress makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ - -#include "k5-int.h" - -/* these are available to other funcs, and the pointers may be reassigned */ - -char *krb5_mkey_pwd_prompt1 = KRB5_KDC_MKEY_1; -char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2; - -/* - * Get the KDC database master key from somewhere, filling it into *key. - * - * key->enctype should be set to the desired key type. - * - * if fromkeyboard is TRUE, then the master key is read as a password - * from the user's terminal. In this case, - * eblock should point to a block with an appropriate string_to_key function. - * if twice is TRUE, the password is read twice for verification. - * - * mname is the name of the key sought; this can be used by the string_to_key - * function or by some other method to isolate the desired key. - * - */ - -#ifndef min -#define min(a,b) (((a) < (b)) ? (a) : (b)) -#endif - -krb5_error_code -krb5_db_fetch_mkey(context, mname, etype, fromkeyboard, twice, keyfile, - salt, key) - krb5_context context; - krb5_principal mname; - krb5_enctype etype; - krb5_boolean fromkeyboard; - krb5_boolean twice; - char *keyfile; - krb5_data * salt; - krb5_keyblock * key; -{ - krb5_error_code retval; - char password[BUFSIZ]; - krb5_data pwd; - unsigned int size = sizeof(password); - - if (fromkeyboard) { - krb5_data scratch; - - if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1, - twice ? krb5_mkey_pwd_prompt2 : 0, - password, &size))) - return(retval); - - pwd.data = password; - pwd.length = size; - if (!salt) { - retval = krb5_principal2salt(context, mname, &scratch); - if (retval) - return retval; - } - retval = krb5_c_string_to_key(context, etype, &pwd, salt?salt:&scratch, - key); - - if (!salt) - krb5_xfree(scratch.data); - memset(password, 0, sizeof(password)); /* erase it */ - return retval; - - } else { - /* from somewhere else */ - krb5_ui_2 enctype; - char defkeyfile[MAXPATHLEN+1]; - krb5_data *realm = krb5_princ_realm(context, mname); - FILE *kf; - - retval = 0; - key->magic = KV5M_KEYBLOCK; - (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB); - (void) strncat(defkeyfile, realm->data, - min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, - realm->length)); - defkeyfile[sizeof(defkeyfile) - 1] = '\0'; - -#ifdef ANSI_STDIO - if (!(kf = fopen((keyfile) ? keyfile : defkeyfile, "rb"))) -#else - if (!(kf = fopen((keyfile) ? keyfile : defkeyfile, "r"))) -#endif - return KRB5_KDB_CANTREAD_STORED; - if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) { - retval = KRB5_KDB_CANTREAD_STORED; - goto errout; - } - if (key->enctype == ENCTYPE_UNKNOWN) - key->enctype = enctype; - else if (enctype != key->enctype) { - retval = KRB5_KDB_BADSTORED_MKEY; - goto errout; - } - if (fread((krb5_pointer) &key->length, - sizeof(key->length), 1, kf) != 1) { - retval = KRB5_KDB_CANTREAD_STORED; - goto errout; - } - if (!key->length || ((int) key->length) < 0) { - retval = KRB5_KDB_BADSTORED_MKEY; - goto errout; - } - - if (!(key->contents = (krb5_octet *)malloc(key->length))) { - retval = ENOMEM; - goto errout; - } - if (fread((krb5_pointer) key->contents, - sizeof(key->contents[0]), key->length, kf) - != key->length) { - retval = KRB5_KDB_CANTREAD_STORED; - memset(key->contents, 0, key->length); - free(key->contents); - key->contents = 0; - } else - retval = 0; - - errout: - (void) fclose(kf); - return retval; - } -} diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c new file mode 100644 index 000000000..c4afa1b25 --- /dev/null +++ b/src/lib/kdb/kdb5.c @@ -0,0 +1,2051 @@ +/* + * Include files + */ + +#ifdef HAVE_PTHREAD_H +#include +#endif + +#include +#include +#include +#include +#include +#include "kdb5.h" +#include + +/* currently DB2 policy related errors are exported from DAL. But other databases should set_err function to return string */ +#include "adb_err.h" + + +/* + * Type definitions + */ +#define KRB5_TL_DB_ARGS 0x7fff + +/* + * internal static variable + */ + +#ifdef HAVE_PTHREAD_H +/* static pthread_once_t db_inited = PTHREAD_ONCE_INIT; */ +static pthread_mutex_t db_lock = PTHREAD_MUTEX_INITIALIZER; +#else +/* static int db_inited = 0; */ +#endif + + +#ifdef _KDB5_STATIC_LINK +#undef _KDB5_DYNAMIC_LINK +#else +#undef _KDB5_DYNAMIC_LINK +/* to avoid redefinition problem */ +#define _KDB5_DYNAMIC_LINK +#endif + + +static db_library lib_list; + +/* + * Helper Functions + */ +#ifdef HAVE_PTHREAD_H + +/* + * KNOWN ISSUES with locking: This code does not handle a scenario where a library is thread-safe for different DB contexts, + * but not with the same context. It locks the complete DB library. If this is not the scenario, then lock has to be moved from + * db_library to kdb5_dal_handle. For now doing a pessimistic locking. + * + * If any thread does a DB lock, all the other threads are barred from accessing DB using this context (infact library + * because of the previous defect). + * This is with the assumption that, DB's lock code will take care of excluding other processes/machines from + * using the DB. But there could be a scenario where access by some other thread using the same context might corrupt the database. + */ + +static int kdb_lock_list() +{ + return pthread_mutex_lock( &db_lock ); +} + +static int kdb_unlock_list() +{ + return pthread_mutex_unlock( &db_lock ); +} + +static int kdb_init_lib_lock( db_library lib ) +{ + krb5_error_code retval; + if( (retval= pthread_mutex_init( &lib->lib_lock, NULL ))) + { + return retval; + } + + lib->lock_holder = pthread_self(); + lib->excl = 0; + lib->recursive_cnt = 0; + + return pthread_cond_init( &lib->unlocked, NULL ); +} + +static int kdb_destroy_lib_lock ( db_library lib ) +{ + krb5_error_code retval; + if( (retval = pthread_mutex_destroy( &lib->lib_lock )) ) + { + return retval; + } + + return pthread_cond_destroy( &lib->unlocked ); +} + +static int kdb_lock_lib_lock( db_library lib, krb5_boolean exclusive ) +{ + /* since, handle locked by one thread should not allow another thread to continue */ + krb5_error_code retval = 0; + pthread_t myid = pthread_self(); + + if( (retval = pthread_mutex_lock( &lib->lib_lock )) ) + return retval; + + while( (exclusive && (lib->excl || lib->recursive_cnt)) || + (!pthread_equal(lib->lock_holder, myid) && !lib->vftabl.is_thread_safe && lib->recursive_cnt) ) + { + /* exclusive lock held or some one using lock when exclusive is requested or library not-re-entrent */ + if( (retval = pthread_cond_wait(&lib->unlocked, &lib->lib_lock)) ) + return retval; + } + + /* exclusive lock and recursive_cnt allow a thread to lock even it already holds a lock */ + if( exclusive ) + lib->excl++; + + lib->recursive_cnt++; + + lib->lock_holder = myid; + + return pthread_mutex_unlock( &lib->lib_lock ); +} + +static int kdb_unlock_lib_lock( db_library lib, krb5_boolean exclusive ) +{ + krb5_error_code retval = 0; + + if( (retval = pthread_mutex_lock( &lib->lib_lock )) ) + return retval; + + lib->recursive_cnt--; + if( exclusive ) + lib->excl--; + + if( (retval = pthread_cond_broadcast( &lib->unlocked )) ) + return retval; + + return pthread_mutex_unlock( &lib->lib_lock ); +} + +#else /* no PTHREAD */ + +/* program is not using pthread. So, threads wont be there. No need to lock */ +#define kdb_lock_list() 0 +#define kdb_unlock_list() 0 +#define kdb_init_lib_lock(a) 0 +#define kdb_destroy_lib_lock(a) 0 +#define kdb_lock_lib_lock(a, b) 0 +#define kdb_unlock_lib_lock(a, b) 0 + +#endif /* end of HAVE_PTHREAD_H */ + + +static char * kdb_get_conf_section( krb5_context kcontext ) +{ + krb5_error_code status = 0; + char *result = NULL; + char *value = NULL; + + /* profile has to be initialized. If profile is not initialized, expect nothing less than a crash */ + status = profile_get_string( kcontext->profile, KDB_REALM_SECTION, /* realms */ + kcontext->default_realm, KDB_MODULE_POINTER, /* under the realm name, database_module */ + kcontext->default_realm, /* default value is the realm name itself */ + &value ); + + if( status ) + { + /* some problem */ + result = strdup( kcontext->default_realm ); + /* let NULL be handled by the caller */ + } + else + { + result = strdup( value ); + /* free profile string */ + profile_release_string( value ); + } + + return result; +} + +static char * kdb_get_library_name( krb5_context kcontext ) +{ + krb5_error_code status = 0; + char *result = NULL; + char *value = NULL; + char *lib = NULL; + + status = profile_get_string( kcontext->profile, KDB_REALM_SECTION, /* realms */ + kcontext->default_realm, KDB_MODULE_POINTER, /* under the realm name, database_module */ + kcontext->default_realm, /* default value is the realm name itself */ + &value ); + if( status ) + { + goto clean_n_exit; + } + + /* we got the module section. Get the library name from the module */ + status = profile_get_string( kcontext->profile, KDB_MODULE_SECTION, + value, KDB_LIB_POINTER, + "kdb_db2", /* default to db2 */ + &lib ); + + if( status ) + { + goto clean_n_exit; + } + + result = strdup( lib ); + clean_n_exit: + if( value ) + { + /* free profile string */ + profile_release_string( value ); + } + + if( lib ) + { + /* free profile string */ + profile_release_string( lib ); + } + + if( status ) + { + /* any error default to db2 */ + result = strdup( "kdb_db2" ); + } + return result; +} + +static void kdb_setup_opt_functions ( db_library lib ) +{ + if ( lib->vftabl.set_master_key == NULL ) + { + lib->vftabl.set_master_key = kdb_def_set_mkey; + } + + if ( lib->vftabl.get_master_key == NULL ) + { + lib->vftabl.get_master_key = kdb_def_get_mkey; + } + + if( lib->vftabl.fetch_master_key == NULL ) + { + lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey; + } + + if( lib->vftabl.verify_master_key == NULL ) + { + lib->vftabl.verify_master_key = krb5_def_verify_master_key; + } + + if( lib->vftabl.dbe_search_enctype == NULL ) + { + lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype; + } + + if( lib->vftabl.db_change_pwd == NULL ) + { + lib->vftabl.db_change_pwd = krb5_dbe_def_cpw; + } + + if( lib->vftabl.store_master_key == NULL ) + { + lib->vftabl.store_master_key = krb5_def_store_mkey; + } +} + +static int kdb_db2_pol_err_loaded = 0; +#ifdef _KDB5_STATIC_LINK +#define DEF_SYMBOL(a) extern kdb_vftabl krb5_db_vftabl_ ## a +#define GET_SYMBOL(a) (krb5_db_vftabl_ ## a) +static krb5_error_code kdb_load_library( krb5_context kcontext, char *lib_name, db_library *lib ) +{ + krb5_error_code status; + void *vftabl_addr = NULL; + char buf[KRB5_MAX_ERR_STR]; + + if( !strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0) ) + { + initialize_adb_error_table(); + kdb_db2_pol_err_loaded = 1; + } + + *lib = calloc( (size_t)1, sizeof(**lib)); + if( *lib == NULL ) + { + status = ENOMEM; + goto clean_n_exit; + } + + status = kdb_init_lib_lock( *lib ); + if( status ) + { + goto clean_n_exit; + } + + strcpy( (*lib)->name, lib_name ); + +#if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST) +#error No database module defined +#endif + +#ifdef KDB5_USE_LIB_KDB_DB2 + if( strcmp( lib_name, "kdb_db2" ) == 0 ) + { + DEF_SYMBOL(kdb_db2); + vftabl_addr = (void*)& GET_SYMBOL(kdb_db2); + } + else +#endif +#ifdef KDB5_USE_LIB_TEST + if( strcmp( lib_name, "test" ) == 0 ) + { + DEF_SYMBOL(test); + vftabl_addr = (void*) &GET_SYMBOL(test); + } else +#endif + { + sprintf( buf, "Program not built to support %s database type\n", lib_name ); + status = -1; + krb5_db_set_err(kcontext, krb5_err_have_str, status, buf); + goto clean_n_exit; + } + + memcpy( &(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl)); + + kdb_setup_opt_functions( *lib ); + + if( (status=(*lib)->vftabl.init_library(krb5_set_err)) ) + { + /* ERROR. library not initialized cleanly */ + sprintf( buf, "%s library initialization failed, error code %ld\n", lib_name, status ); + status = -1; + krb5_db_set_err(kcontext, krb5_err_have_str, status, buf); + goto clean_n_exit; + } + + + clean_n_exit: + if( status ) + { + free(*lib), *lib = NULL; + } + return status; +} + +#else + +static char *db_dl_location[] = DEFAULT_KDB_LIB_PATH; + +static krb5_error_code kdb_load_library( krb5_context kcontext, char *lib_name, db_library *lib ) +{ + krb5_error_code status = 0; + char dl_name[1024]; + int ndx; + void *vftabl_addr; + char *err_str = NULL; + + if( !strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0) ) + { + initialize_adb_error_table(); + kdb_db2_pol_err_loaded = 1; + } + + *lib = calloc( (size_t)1, sizeof(**lib)); + if( *lib == NULL ) + { + status = ENOMEM; + goto clean_n_exit; + } + + status = kdb_init_lib_lock( *lib ); + if( status ) + { + goto clean_n_exit; + } + + strcpy( (*lib)->name, lib_name ); + + for( ndx = 0; db_dl_location[ndx]; ndx++ ) + { + sprintf(dl_name, "%s/lib%s.so", db_dl_location[ndx], lib_name); + (*lib)->dl_handle = dlopen( dl_name, RTLD_NOW ); + if( (*lib)->dl_handle ) + { + /* found the module */ + sprintf( dl_name, "krb5_db_vftabl_%s", lib_name ); + + dlerror(); + vftabl_addr = dlsym( (*lib)->dl_handle, dl_name ); + if( vftabl_addr ) + { + memcpy( &(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl)); + + kdb_setup_opt_functions( *lib ); + + if( (status = (*lib)->vftabl.init_library(krb5_set_err)) ) + { + /* ERROR. library not initialized cleanly */ + goto clean_n_exit; + + } + } + else + { + status = -1; + krb5_set_err(kcontext, krb5_err_have_str, status, dlerror()); + goto clean_n_exit; + } + break; + } + else + { + /* set the error. Later if we find everything fine.. we will reset this */ + err_str = dlerror(); +/* fprintf(stderr, "Error loading library %s\n", t); */ + } + } + + if( ! (*lib)->dl_handle ) + { + /* library not found in the given list. Error str is already set */ + status = -1; + krb5_set_err(kcontext, krb5_err_have_str, status, err_str); + goto clean_n_exit; + } + + clean_n_exit: + if( status ) + { + if( *lib ) + { + kdb_destroy_lib_lock( *lib ); + if( (*lib)->dl_handle ) + { + dlclose( (*lib)->dl_handle ); + } + free(*lib); + *lib = NULL; + } + } + return status; +} + +#endif /* end of _KDB5_STATIC_LINK */ + +static krb5_error_code kdb_find_library( krb5_context kcontext, char *lib_name, db_library *lib) +{ + /* lock here so that no two threads try to do the same at the same time */ + krb5_error_code status = 0; + int locked = 0; + db_library curr_elt, prev_elt = NULL; + + if( (status = kdb_lock_list()) != 0 ) + { + goto clean_n_exit; + } + locked = 1; + + curr_elt = lib_list; + while ( curr_elt != NULL ) + { + if( strcmp( lib_name, curr_elt->name ) == 0 ) + { + *lib = curr_elt; + goto clean_n_exit; + } + prev_elt = curr_elt; + curr_elt = curr_elt->next; + } + + /* module not found. create and add to list */ + status = kdb_load_library( kcontext, lib_name, lib); + if( status ) + { + goto clean_n_exit; + } + + if( prev_elt ) + { + /* prev_elt points to the last element in the list */ + prev_elt->next = *lib; + (*lib)->prev = prev_elt; + } + else + { + lib_list = *lib; + } + + clean_n_exit: + if( *lib ) + { + (*lib)->reference_cnt++; + } + + if( locked ) + { + kdb_unlock_list(); + } + + return status; +} + + +static krb5_error_code kdb_free_library( db_library lib) +{ + krb5_error_code status = 0; + int locked = 0; + + if( (status = kdb_lock_list()) != 0 ) + { + goto clean_n_exit; + } + locked = 1; + + lib->reference_cnt--; + + if( lib->reference_cnt == 0 ) + { + status = lib->vftabl.fini_library(); + if( status ) + { + goto clean_n_exit; + } + + /* close the library */ + if( lib->dl_handle ) + { + dlclose( lib->dl_handle ); + } + + kdb_destroy_lib_lock( lib ); + + if( lib->prev == NULL ) + { + /* first element in the list */ + lib_list = lib->next; + } + else + { + lib->prev->next = lib->next; + } + + if( lib->next ) + { + lib->next->prev = lib->prev; + } + free(lib); + } + + clean_n_exit: + if( locked ) + { + kdb_unlock_list(); + } + + return status; +} + +static krb5_error_code kdb_setup_lib_handle( krb5_context kcontext ) +{ + char *library = NULL; + krb5_error_code status = 0; + db_library lib = NULL; + kdb5_dal_handle *dal_handle = NULL; + + dal_handle = calloc( (size_t)1, sizeof(kdb5_dal_handle) ); + if( dal_handle == NULL ) + { + status = ENOMEM; + goto clean_n_exit; + } + + library = kdb_get_library_name( kcontext ); + if( library == NULL ) + { + status = -1; + goto clean_n_exit; + } + + status = kdb_find_library( kcontext, library, &lib ); + if( status ) + { + goto clean_n_exit; + } + + dal_handle->lib_handle = lib; + kcontext->db_context = (void *) dal_handle; + + clean_n_exit: + free(library); + + if( status ) + { + free( dal_handle ); + if( lib ) + { + kdb_free_library( lib ); + } + } + + return status; +} + + +static krb5_error_code kdb_free_lib_handle( krb5_context kcontext ) +{ + krb5_error_code status = 0; + + status = kdb_free_library( ((kdb5_dal_handle *)kcontext->db_context)->lib_handle ); + if( status ) + { + goto clean_n_exit; + } + + free( kcontext->db_context ); + kcontext->db_context = NULL; + + clean_n_exit: + return status; +} + +/* + * External functions... DAL API + */ +void krb5_db_clr_error() +{ + krb5_clr_error(); +} + +krb5_error_code krb5_db_open( krb5_context kcontext, char **db_args, int mode ) +{ + krb5_error_code status = 0; + char *section = NULL; + kdb5_dal_handle *dal_handle; + char buf[KRB5_MAX_ERR_STR]; + + section = kdb_get_conf_section( kcontext ); + if( section == NULL ) + { + sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm ); + status = -1; + krb5_set_err(kcontext, krb5_err_have_str, status, buf); + goto clean_n_exit; + } + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args, mode ); + + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + if( section ) + free(section); + return status; +} + +const char * krb5_db_errcode2string ( krb5_context kcontext, long err_code ) +{ + const char *err_str = NULL; + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + err_str = dal_handle->lib_handle->vftabl.errcode_2_string(kcontext, err_code ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return err_str; +} + + +krb5_error_code krb5_db_inited ( krb5_context kcontext ) +{ + return !(kcontext && kcontext->db_context && + ((kdb5_dal_handle*)kcontext->db_context)->db_context); +} + +krb5_error_code krb5_db_create ( krb5_context kcontext, char **db_args ) +{ + krb5_error_code status = 0; + char *section = NULL; + kdb5_dal_handle *dal_handle; + char buf[KRB5_MAX_ERR_STR]; + + section = kdb_get_conf_section( kcontext ); + if( section == NULL ) + { + sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm ); + status = -1; + krb5_set_err(kcontext, krb5_err_have_str, status, buf); + goto clean_n_exit; + } + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_create(kcontext, section, db_args ); + + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + if( section ) + free(section); + return status; +} + +krb5_error_code krb5_db_fini ( krb5_context kcontext ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + /* module not loaded. So nothing to be done */ + goto clean_n_exit; + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.fini_module( kcontext ); + + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + if( status ) + { + goto clean_n_exit; + } + + status = kdb_free_lib_handle( kcontext ); + + clean_n_exit: + return status; +} + + +krb5_error_code krb5_db_destroy ( krb5_context kcontext, char **db_args ) +{ + krb5_error_code status = 0; + char * section = NULL; + kdb5_dal_handle *dal_handle; + char buf[KRB5_MAX_ERR_STR]; + + section = kdb_get_conf_section( kcontext ); + if( section == NULL ) + { + sprintf( buf, "unable to determine configuration section for realm %s\n", kcontext->default_realm ); + status = -1; + krb5_set_err(kcontext, krb5_err_have_str, status, buf); + goto clean_n_exit; + } + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_destroy(kcontext, section, db_args ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + if( section ) + free(section); + return status; +} + +krb5_error_code krb5_db_get_age ( krb5_context kcontext, char *db_name, time_t *t ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_set_option ( krb5_context kcontext, int option, void *value ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_lock ( krb5_context kcontext, int lock_mode ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + /* acquire an exclusive lock, ensures no other thread uses this context */ + status = kdb_lock_lib_lock( dal_handle->lib_handle, TRUE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode ); + + /* exclusive lock is still held, so no other thread could use this context */ + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_unlock ( krb5_context kcontext ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + /* normal lock acquired and exclusive lock released */ + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_unlock( kcontext ); + + kdb_unlock_lib_lock( dal_handle->lib_handle, TRUE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_get_principal ( krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, + entries, nentries, more); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_free_principal ( krb5_context kcontext, + krb5_db_entry *entry, + int count ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_free_principal( kcontext, entry, count ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + + +krb5_error_code krb5_db_put_principal ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + char **db_args = NULL; + krb5_tl_data *prev, *curr, *next; + int db_args_size = 0; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + /* Giving db_args as part of tl data causes, db2 to store the tl_data as such. + To prevent this, tl_data is collated and passed as a sepearte argument. Currently supports only one principal. + but passing it as a seperate argument makes it difficult for kadmin remote to pass arguments to server */ + prev=NULL, curr=entries->tl_data; + while(curr) + { + if( curr->tl_data_type == KRB5_TL_DB_ARGS ) + { + char **t; + /* since this is expected to be NULL terminated string and this could come from any client, do a check + before passing it to db. */ + if( ((char*) curr->tl_data_contents)[curr->tl_data_length-1] != '\0' ) + { + /* not null terminated. Dangerous input */ + status = EINVAL; + goto clean_n_exit; + } + + db_args_size++; + t = realloc( db_args, sizeof(char*) * (db_args_size+1)); /* 1 for NULL */ + if( t == NULL ) + { + status = ENOMEM; + goto clean_n_exit; + } + + db_args = t; + db_args[db_args_size-1] = (char*)curr->tl_data_contents; + db_args[db_args_size] = NULL; + + next = curr->tl_data_next; + if( prev == NULL ) + { + /* current node is the first in the linked list. remove it */ + entries->tl_data = curr->tl_data_next; + } + else + { + prev->tl_data_next = curr->tl_data_next; + } + entries->n_tl_data--; + krb5_db_free( kcontext, curr ); + + /* previous does not change */ + curr = next; + } + else + { + prev = curr; + curr = curr->tl_data_next; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_put_principal( kcontext, entries, + nentries, db_args ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + while( db_args_size ) + { + if( db_args[db_args_size-1] ) + krb5_db_free(kcontext, db_args[db_args_size-1]); + + db_args_size--; + } + + if( db_args ) + free(db_args); + + return status; +} + +krb5_error_code krb5_db_delete_principal ( krb5_context kcontext, + krb5_principal search_for, + int *nentries ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_delete_principal( kcontext, search_for, nentries ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_iterate ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_iterate( kcontext, + match_entry, + func, + func_arg ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_supported_realms ( krb5_context kcontext, + char **realms ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_supported_realms( kcontext, realms ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_free_supported_realms ( krb5_context kcontext, + char **realms ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_free_supported_realms( kcontext, realms ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.set_master_key( kcontext, + pwd, + key ); + + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_set_mkey ( krb5_context context, + krb5_keyblock *key) +{ + return krb5_db_set_master_key_ext ( context, NULL, key ); +} + + +krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + /* lets use temp key and copy it later to avoid memory problems when freed by the caller */ + status = dal_handle->lib_handle->vftabl.get_master_key( kcontext, + key ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_store_master_key ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.store_master_key( kcontext, + db_arg, + mname, + key, + master_pwd); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + + +char *krb5_mkey_pwd_prompt1 = KRB5_KDC_MKEY_1; +char *krb5_mkey_pwd_prompt2 = KRB5_KDC_MKEY_2; + + +krb5_error_code krb5_db_fetch_mkey ( krb5_context context, + krb5_principal mname, + krb5_enctype etype, + krb5_boolean fromkeyboard, + krb5_boolean twice, + char *db_args, + krb5_data *salt, + krb5_keyblock *key) +{ + krb5_error_code retval; + char password[BUFSIZ]; + krb5_data pwd; + unsigned int size = sizeof(password); + int kvno; + krb5_keyblock tmp_key; + + memset( &tmp_key, 0, sizeof(tmp_key) ); + + if (fromkeyboard) { + krb5_data scratch; + + if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1, + twice ? krb5_mkey_pwd_prompt2 : 0, + password, &size))) + { + goto clean_n_exit; + } + + pwd.data = password; + pwd.length = size; + if (!salt) { + retval = krb5_principal2salt(context, mname, &scratch); + if (retval) + goto clean_n_exit; + } + retval = krb5_c_string_to_key(context, etype, &pwd, salt?salt:&scratch, + key); + + if (!salt) + krb5_xfree(scratch.data); + memset(password, 0, sizeof(password)); /* erase it */ + + } else { + kdb5_dal_handle *dal_handle; + + if( context->db_context == NULL ) + { + retval = kdb_setup_lib_handle( context ); + if( retval ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) context->db_context; + retval = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( retval ) + { + goto clean_n_exit; + } + + tmp_key.enctype = key->enctype; + retval = dal_handle->lib_handle->vftabl.fetch_master_key( context, + mname, + &tmp_key, + &kvno, + db_args); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + if( retval ) + { + goto clean_n_exit; + } + + key->contents = malloc( tmp_key.length ); + if( key->contents == NULL ) + { + retval = ENOMEM; + goto clean_n_exit; + } + + key->magic = tmp_key.magic; + key->enctype = tmp_key.enctype; + key->length = tmp_key.length; + memcpy(key->contents, tmp_key.contents, tmp_key.length); + } + + clean_n_exit: + if( tmp_key.contents ) + { + memset( tmp_key.contents, 0, tmp_key.length ); + krb5_db_free( context, tmp_key.contents ); + } + return retval; +} + + +krb5_error_code krb5_db_verify_master_key ( krb5_context kcontext, + krb5_principal mprinc, + krb5_keyblock *mkey ) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.verify_master_key( kcontext, + mprinc, + mkey ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + + +void *krb5_db_alloc( krb5_context kcontext, + void *ptr, + size_t size ) +{ + krb5_error_code status; + kdb5_dal_handle *dal_handle; + void *new_ptr = NULL; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + + new_ptr = dal_handle->lib_handle->vftabl.db_alloc( kcontext, + ptr, + size ); + + clean_n_exit: + return new_ptr; +} + +void krb5_db_free( krb5_context kcontext, + void *ptr) +{ + krb5_error_code status; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + + dal_handle->lib_handle->vftabl.db_free( kcontext, + ptr ); + + clean_n_exit: + return; +} + +/* has to be modified */ + +krb5_error_code +krb5_dbe_find_enctype( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap) +{ + krb5_int32 start = 0; + return krb5_dbe_search_enctype( kcontext, dbentp, &start, ktype, stype, kvno, kdatap ); +} + + +krb5_error_code krb5_dbe_search_enctype ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.dbe_search_enctype( kcontext, + dbentp, + start, + ktype, + stype, + kvno, + kdatap ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + + +#define REALM_SEP_STRING "@" + +krb5_error_code +krb5_db_setup_mkey_name ( krb5_context context, + const char *keyname, + const char *realm, + char **fullname, + krb5_principal *principal) +{ + krb5_error_code retval; + size_t keylen; + size_t rlen = strlen(realm); + char *fname; + + if (!keyname) + keyname = KRB5_KDB_M_NAME; /* XXX external? */ + + keylen = strlen(keyname); + + fname = malloc(keylen+rlen+strlen(REALM_SEP_STRING)+1); + if (!fname) + return ENOMEM; + + strcpy(fname, keyname); + strcat(fname, REALM_SEP_STRING); + strcat(fname, realm); + + if ((retval = krb5_parse_name(context, fname, principal))) + return retval; + if (fullname) + *fullname = fname; + else + free(fname); + return 0; +} + + + + +krb5_error_code +krb5_dbe_lookup_last_pwd_change(context, entry, stamp) + krb5_context context; + krb5_db_entry * entry; + krb5_timestamp * stamp; +{ + krb5_tl_data tl_data; + krb5_error_code code; + krb5_int32 tmp; + + tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE; + + if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) + return(code); + + if (tl_data.tl_data_length != 4) { + *stamp = 0; + return(0); + } + + krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp); + + *stamp = (krb5_timestamp) tmp; + + return(0); +} + +krb5_error_code +krb5_dbe_lookup_tl_data(context, entry, ret_tl_data) + krb5_context context; + krb5_db_entry * entry; + krb5_tl_data * ret_tl_data; +{ + krb5_tl_data *tl_data; + + for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) { + if (tl_data->tl_data_type == ret_tl_data->tl_data_type) { + *ret_tl_data = *tl_data; + return(0); + } + } + + /* if the requested record isn't found, return zero bytes. + if it ever means something to have a zero-length tl_data, + this code and its callers will have to be changed */ + + ret_tl_data->tl_data_length = 0; + ret_tl_data->tl_data_contents = NULL; + return(0); +} + +krb5_error_code +krb5_dbe_create_key_data(context, entry) + krb5_context context; + krb5_db_entry * entry; +{ + if ((entry->key_data = + (krb5_key_data *) krb5_db_alloc(context, entry->key_data, + (sizeof(krb5_key_data)* + (entry->n_key_data + 1)))) == NULL) + return(ENOMEM); + + + memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data)); + entry->n_key_data++; + + return 0; +} + +krb5_error_code +krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ) + krb5_context context; + krb5_db_entry * entry; + krb5_timestamp mod_date; + krb5_const_principal mod_princ; +{ + krb5_tl_data tl_data; + + krb5_error_code retval = 0; + krb5_octet * nextloc = 0; + char * unparse_mod_princ = 0; + unsigned int unparse_mod_princ_size; + + if ((retval = krb5_unparse_name(context, mod_princ, + &unparse_mod_princ))) + return(retval); + + unparse_mod_princ_size = strlen(unparse_mod_princ) + 1; + + if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4)) + == NULL) { + free(unparse_mod_princ); + return(ENOMEM); + } + + tl_data.tl_data_type = KRB5_TL_MOD_PRINC; + tl_data.tl_data_length = unparse_mod_princ_size + 4; + tl_data.tl_data_contents = nextloc; + + /* Mod Date */ + krb5_kdb_encode_int32(mod_date, nextloc); + + /* Mod Princ */ + memcpy(nextloc+4, unparse_mod_princ, unparse_mod_princ_size); + + retval = krb5_dbe_update_tl_data(context, entry, &tl_data); + + free(unparse_mod_princ); + free(nextloc); + + return(retval); +} + +krb5_error_code +krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ) + krb5_context context; + krb5_db_entry * entry; + krb5_timestamp * mod_time; + krb5_principal * mod_princ; +{ + krb5_tl_data tl_data; + krb5_error_code code; + + tl_data.tl_data_type = KRB5_TL_MOD_PRINC; + + if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data))) + return(code); + + if ((tl_data.tl_data_length < 5) || + (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0')) + return(KRB5_KDB_TRUNCATED_RECORD); + + /* Mod Date */ + krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time); + + /* Mod Princ */ + if ((code = krb5_parse_name(context, + (const char *) (tl_data.tl_data_contents+4), + mod_princ))) + return(code); + + return(0); +} + + +krb5_error_code +krb5_dbe_update_last_pwd_change(context, entry, stamp) + krb5_context context; + krb5_db_entry * entry; + krb5_timestamp stamp; +{ + krb5_tl_data tl_data; + krb5_octet buf[4]; /* this is the encoded size of an int32 */ + + tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE; + tl_data.tl_data_length = sizeof(buf); + krb5_kdb_encode_int32((krb5_int32) stamp, buf); + tl_data.tl_data_contents = buf; + + return(krb5_dbe_update_tl_data(context, entry, &tl_data)); +} + + +krb5_error_code +krb5_dbe_update_tl_data(context, entry, new_tl_data) + krb5_context context; + krb5_db_entry * entry; + krb5_tl_data * new_tl_data; +{ + krb5_tl_data * tl_data = NULL; + krb5_octet * tmp; + + /* copy the new data first, so we can fail cleanly if malloc() + fails */ + if ((tmp = (krb5_octet *) krb5_db_alloc(context, NULL, new_tl_data->tl_data_length)) == NULL) + return(ENOMEM); + + /* Find an existing entry of the specified type and point at + it, or NULL if not found */ + + if( new_tl_data->tl_data_type != KRB5_TL_DB_ARGS ) /* db_args can be multiple */ + { + for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) + if (tl_data->tl_data_type == new_tl_data->tl_data_type) + break; + } + + /* if necessary, chain a new record in the beginning and point at it */ + + if (!tl_data) { + if ((tl_data = (krb5_tl_data *) krb5_db_alloc(context, NULL, sizeof(krb5_tl_data))) + == NULL) { + free(tmp); + return(ENOMEM); + } + memset( tl_data, 0, sizeof(krb5_tl_data)); + tl_data->tl_data_next = entry->tl_data; + entry->tl_data = tl_data; + entry->n_tl_data++; + } + + /* fill in the record */ + + if (tl_data->tl_data_contents) + krb5_db_free(context, tl_data->tl_data_contents); + + tl_data->tl_data_type = new_tl_data->tl_data_type; + tl_data->tl_data_length = new_tl_data->tl_data_length; + tl_data->tl_data_contents = tmp; + memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length); + + return(0); +} + + + +/* change password functions */ +krb5_error_code +krb5_dbe_cpw( krb5_context kcontext, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_change_pwd( kcontext, + master_key, + ks_tuple, + ks_tuple_count, + passwd, + new_kvno, + keepold, + db_entry ); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + + +/* policy management functions */ +krb5_error_code krb5_db_create_policy( krb5_context kcontext, osa_policy_ent_t policy) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_create_policy(kcontext, policy); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_get_policy ( krb5_context kcontext, char *name, osa_policy_ent_t *policy, int *cnt) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_get_policy(kcontext, name, policy, cnt); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_put_policy( krb5_context kcontext, osa_policy_ent_t policy) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_put_policy(kcontext, policy); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_iter_policy( krb5_context kcontext, char *match_entry, osa_adb_iter_policy_func func, void *data) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_iter_policy(kcontext, match_entry, func, data); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_delete_policy( krb5_context kcontext, char *policy) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + status = dal_handle->lib_handle->vftabl.db_delete_policy(kcontext, policy); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return status; +} + +void krb5_db_free_policy( krb5_context kcontext, osa_policy_ent_t policy) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if( kcontext->db_context == NULL ) + { + status = kdb_setup_lib_handle( kcontext ); + if( status ) + { + goto clean_n_exit; + } + } + + dal_handle = (kdb5_dal_handle *) kcontext->db_context; + status = kdb_lock_lib_lock( dal_handle->lib_handle, FALSE ); + if( status ) + { + goto clean_n_exit; + } + + dal_handle->lib_handle->vftabl.db_free_policy(kcontext, policy); + kdb_unlock_lib_lock( dal_handle->lib_handle, FALSE ); + + clean_n_exit: + return; +} + diff --git a/src/lib/kdb/kdb5.h b/src/lib/kdb/kdb5.h new file mode 100644 index 000000000..93b594a52 --- /dev/null +++ b/src/lib/kdb/kdb5.h @@ -0,0 +1,219 @@ +#ifndef _KRB5_KDB5_H_ +#define _KRB5_KDB5_H_ + +#if HAVE_UNISTD_H +#include +#endif + +#include +#include +#include +#include +#include "err_handle.h" + +#define KDB_MAX_DB_NAME 128 +#define KDB_REALM_SECTION "realms" +#define KDB_MODULE_POINTER "database_module" +#define KDB_MODULE_SECTION "db_modules" +#define KDB_LIB_POINTER "db_library" +#define KDB_DATABASE_CONF_FILE DEFAULT_SECURE_PROFILE_PATH +#define KDB_DATABASE_ENV_PROF KDC_PROFILE_ENV + +#define KRB5_KDB_OPEN_RW 0 +#define KRB5_KDB_OPEN_RO 1 + +#define KRB5_KDB_OPT_SET_DB_NAME 0 +#define KRB5_KDB_OPT_SET_LOCK_MODE 1 + +#define KRB5_DB_GET_DB_CONTEXT(kcontext) ( ((kdb5_dal_handle*) (kcontext)->db_context)->db_context ) +#define KRB5_DB_GET_PROFILE(kcontext) ( (kcontext)->profile ) +#define KRB5_DB_GET_REALM(kcontext) ( (kcontext)->default_realm ) + +#ifndef KRB5_DB_LOCKMODE_SHARED +#define KRB5_DB_LOCKMODE_SHARED 0x0001 +#endif + +#ifndef KRB5_DB_LOCKMODE_EXCLUSIVE +#define KRB5_DB_LOCKMODE_EXCLUSIVE 0x0002 +#endif + +#ifndef KRB5_DB_LOCKMODE_DONTBLOCK +#define KRB5_DB_LOCKMODE_DONTBLOCK 0x0004 +#endif + +#ifndef KRB5_DB_LOCKMODE_PERMANENT +#define KRB5_DB_LOCKMODE_PERMANENT 0x0008 +#endif + +typedef struct _kdb_vftabl{ + short int maj_ver; + short int min_ver; + + short int is_thread_safe; + + krb5_error_code (*init_library)(krb5_set_err_func_t); + krb5_error_code (*fini_library)(); + krb5_error_code (*init_module) ( krb5_context kcontext, + char * conf_section, + char ** db_args, + int mode ); + + krb5_error_code (*fini_module) ( krb5_context kcontext ); + + krb5_error_code (*db_create) ( krb5_context kcontext, + char * conf_section, + char ** db_args ); + + krb5_error_code (*db_destroy) ( krb5_context kcontext, + char *conf_section, + char ** db_args ); + + krb5_error_code (*db_get_age) ( krb5_context kcontext, + char *db_name, + time_t *age ); + + krb5_error_code (*db_set_option) ( krb5_context kcontext, + int option, + void *value ); + + krb5_error_code (*db_lock) ( krb5_context kcontext, + int mode ); + + krb5_error_code (*db_unlock) ( krb5_context kcontext); + + krb5_error_code (*db_get_principal) ( krb5_context kcontext, + krb5_const_principal search_for, + krb5_db_entry *entries, + int *nentries, + krb5_boolean *more ); + + krb5_error_code (*db_free_principal) ( krb5_context kcontext, + krb5_db_entry *entry, + int count ); + + krb5_error_code (*db_put_principal) ( krb5_context kcontext, + krb5_db_entry *entries, + int *nentries, + char **db_args); + + krb5_error_code (*db_delete_principal) ( krb5_context kcontext, + krb5_const_principal search_for, + int *nentries ); + + krb5_error_code (*db_iterate) ( krb5_context kcontext, + char *match_entry, + int (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ); + + krb5_error_code (*db_create_policy) ( krb5_context kcontext, + osa_policy_ent_t policy ); + + krb5_error_code (*db_get_policy) ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *cnt); + + krb5_error_code (*db_put_policy) ( krb5_context kcontext, + osa_policy_ent_t policy ); + + krb5_error_code (*db_iter_policy) ( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data ); + + + krb5_error_code (*db_delete_policy) ( krb5_context kcontext, + char *policy ); + + void (*db_free_policy) ( krb5_context kcontext, + osa_policy_ent_t val ); + + krb5_error_code (*db_supported_realms) ( krb5_context kcontext, + char **realms ); + + krb5_error_code (*db_free_supported_realms) ( krb5_context kcontext, + char **realms ); + + + const char * (*errcode_2_string) ( krb5_context kcontext, + long err_code ); + + void * (*db_alloc) (krb5_context kcontext, void *ptr, size_t size); + void (*db_free) (krb5_context kcontext, void *ptr); + + + + /* optional functions */ + krb5_error_code (*set_master_key) ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key); + + krb5_error_code (*get_master_key) ( krb5_context kcontext, + krb5_keyblock **key); + + + krb5_error_code (*setup_master_key_name) ( krb5_context kcontext, + char *keyname, + char *realm, + char **fullname, + krb5_principal *principal); + + krb5_error_code (*store_master_key) ( krb5_context kcontext, + char *db_arg, + krb5_principal mname, + krb5_keyblock *key, + char *master_pwd); + + krb5_error_code (*fetch_master_key) ( krb5_context kcontext, + krb5_principal mname, + krb5_keyblock *key, + int *kvno, + char *db_args); + + krb5_error_code (*verify_master_key) ( krb5_context kcontext, + krb5_principal mprinc, + krb5_keyblock *mkey ); + + krb5_error_code (*dbe_search_enctype) ( krb5_context kcontext, + krb5_db_entry *dbentp, + krb5_int32 *start, + krb5_int32 ktype, + krb5_int32 stype, + krb5_int32 kvno, + krb5_key_data **kdatap); + + + krb5_error_code + (*db_change_pwd) ( krb5_context context, + krb5_keyblock * master_key, + krb5_key_salt_tuple * ks_tuple, + int ks_tuple_count, + char * passwd, + int new_kvno, + krb5_boolean keepold, + krb5_db_entry * db_entry); + +} kdb_vftabl; + +typedef struct _db_library { + char name[KDB_MAX_DB_NAME]; + int reference_cnt; +#ifdef HAVE_PTHREAD_H + pthread_mutex_t lib_lock; + pthread_cond_t unlocked; /* To check whether some one has called db_unlock */ + int recursive_cnt; /* this is used as lock to help recursive locking */ + pthread_t lock_holder; + int excl; +#endif + void *dl_handle; + kdb_vftabl vftabl; + struct _db_library *next, *prev; +} *db_library; + +typedef struct _kdb5_dal_handle +{ + void *db_context; /* helps us to change db_library without affecting modules to some extend */ + db_library lib_handle; +} kdb5_dal_handle; + +#endif /* end of _KRB5_KDB5_H_ */ diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c index 962a2b540..f873a3945 100644 --- a/src/lib/kdb/kdb_cpw.c +++ b/src/lib/kdb/kdb_cpw.c @@ -52,7 +52,6 @@ */ #include "k5-int.h" -#include "krb5/adm.h" #include #include @@ -86,11 +85,11 @@ cleanup_key_data(context, count, data) for (i = 0; i < count; i++) { for (j = 0; j < data[i].key_data_ver; j++) { if (data[i].key_data_length[j]) { - free(data[i].key_data_contents[j]); + krb5_db_free(context, data[i].key_data_contents[j]); } } } - free(data); + krb5_db_free(context, data); } static krb5_error_code @@ -106,8 +105,13 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno) krb5_keyblock key; krb5_db_entry krbtgt_entry; krb5_boolean more; - int max_kvno, one, i, j; + int max_kvno, one, i, j, k; krb5_error_code retval; + krb5_key_data tmp_key_data; + krb5_key_data *tptr; + + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); + retval = krb5_build_principal_ext(context, &krbtgt_princ, db_entry->princ->realm.length, @@ -176,19 +180,59 @@ add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno) &key))) goto add_key_rnd_err; + + /* db library will free this. Since, its a so, it could actually be using different memory management + function. So, its better if the memory is allocated by the db's malloc. So, a temporary memory is used + here which will later be copied to the db_entry */ retval = krb5_dbekd_encrypt_key_data(context, master_key, &key, NULL, kvno, - &db_entry->key_data[db_entry->n_key_data-1]); + &tmp_key_data); krb5_free_keyblock_contents(context, &key); - - if (retval) + if( retval ) goto add_key_rnd_err; + + tptr = &db_entry->key_data[db_entry->n_key_data-1]; + + tptr->key_data_ver = tmp_key_data.key_data_ver; + tptr->key_data_kvno = tmp_key_data.key_data_kvno; + + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + tptr->key_data_type[k] = tmp_key_data.key_data_type[k]; + tptr->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]); + if( tptr->key_data_contents[k] == NULL ) + { + cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data); + db_entry->key_data = NULL; + db_entry->n_key_data = 0; + retval = ENOMEM; + goto add_key_rnd_err; + } + memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } + } + } add_key_rnd_err: krb5_db_free_principal(context, &krbtgt_entry, one); + for( i = 0; i < tmp_key_data.key_data_ver; i++ ) + { + if( tmp_key_data.key_data_contents[i] ) + { + memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]); + free( tmp_key_data.key_data_contents[i] ); + } + } return(retval); } @@ -242,6 +286,7 @@ krb5_dbe_crk(context, master_key, ks_tuple, ks_tuple_count, keepold, db_entry) db_entry->key_data[i+n_new_key_data] = key_data[i]; memset(&key_data[i], 0, sizeof(krb5_key_data)); } + krb5_db_free(context, key_data); /* we moved the cotents to new memory. But, the original block which contained the data */ } else { cleanup_key_data(context, key_data_count, key_data); } @@ -321,7 +366,11 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, krb5_keysalt key_salt; krb5_keyblock key; krb5_data pwd; - int i, j; + int i, j, k; + krb5_key_data tmp_key_data; + krb5_key_data *tptr; + + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); retval = 0; @@ -424,18 +473,56 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, key_salt.data.length = krb5_princ_realm(context, db_entry->princ)->length; - if ((retval = krb5_dbekd_encrypt_key_data(context, master_key, &key, - (const krb5_keysalt *)&key_salt, - kvno, &db_entry->key_data[db_entry->n_key_data-1]))) { - if (key_salt.data.data) - free(key_salt.data.data); - krb5_xfree(key.contents); - return(retval); - } + /* memory allocation to be done by db. So, use temporary block and later copy + it to the memory allocated by db */ + retval = krb5_dbekd_encrypt_key_data(context, master_key, &key, + (const krb5_keysalt *)&key_salt, + kvno, &tmp_key_data); if (key_salt.data.data) - free(key_salt.data.data); + free(key_salt.data.data); krb5_xfree(key.contents); + + if( retval ) + return retval; + + tptr = &db_entry->key_data[db_entry->n_key_data-1]; + + tptr->key_data_ver = tmp_key_data.key_data_ver; + tptr->key_data_kvno = tmp_key_data.key_data_kvno; + + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + tptr->key_data_type[k] = tmp_key_data.key_data_type[k]; + tptr->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + tptr->key_data_contents[k] = krb5_db_alloc(context, NULL, tmp_key_data.key_data_length[k]); + if( tptr->key_data_contents[k] == NULL ) + { + cleanup_key_data(context, db_entry->n_key_data, db_entry->key_data); + db_entry->key_data = NULL; + db_entry->n_key_data = 0; + retval = ENOMEM; + goto add_key_pwd_err; + } + memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } + } + } + add_key_pwd_err: + for( i = 0; i < tmp_key_data.key_data_ver; i++ ) + { + if( tmp_key_data.key_data_contents[i] ) + { + memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]); + free( tmp_key_data.key_data_contents[i] ); + } } + return(retval); } @@ -446,7 +533,7 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, * As a side effect all old keys are nuked if keepold is false. */ krb5_error_code -krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd, +krb5_dbe_def_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd, new_kvno, keepold, db_entry) krb5_context context; krb5_keyblock * master_key; @@ -495,6 +582,7 @@ krb5_dbe_cpw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry->key_data[i+n_new_key_data] = key_data[i]; memset(&key_data[i], 0, sizeof(krb5_key_data)); } + krb5_db_free( context, key_data ); } else { cleanup_key_data(context, key_data_count, key_data); } @@ -556,3 +644,5 @@ krb5_dbe_apw(context, master_key, ks_tuple, ks_tuple_count, passwd, db_entry) } return(retval); } + + diff --git a/src/lib/kdb/kdb_db2/ChangeLog b/src/lib/kdb/kdb_db2/ChangeLog new file mode 100644 index 000000000..6ebc2a0e8 --- /dev/null +++ b/src/lib/kdb/kdb_db2/ChangeLog @@ -0,0 +1,17 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * adb_openclose.c: + * adb_policy.c: + * configure.in: + * db2_exp.c: + * kdb_compat.h: + * kdb_db2.c: + * kdb_db2.h: + * kdb_xdr.c: + * kdb_xdr.h: + * libkdb_db2.exports: + * pol_xdr.c: + * policy_db.h: + diff --git a/src/lib/kdb/kdb_db2/Makefile.in b/src/lib/kdb/kdb_db2/Makefile.in new file mode 100644 index 000000000..ebd39f0c7 --- /dev/null +++ b/src/lib/kdb/kdb_db2/Makefile.in @@ -0,0 +1,150 @@ +thisconfigdir=. +myfulldir=lib/kdb/kdb_db2 +mydir=. +BUILDTOP=$(REL)..$(S)..$(S).. +KRB5_RUN_ENV = @KRB5_RUN_ENV@ +KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ; +PROG_LIBPATH=-L$(TOPLIBD) +PROG_RPATH=$(KRB5_LIBDIR) + +LOCALINCLUDES = -I.. + +LIBBASE=kdb_db2 +LIB=$(LIBBASE) +LIBMAJOR=4 +LIBMINOR=0 +RELDIR=kdb/kdb_db2 +SO_EXT=.so +# Depends on libk5crypto and libkrb5 + +SHLIB_EXPDEPS = \ + $(TOPLIBD)/libk5crypto$(SHLIBEXT) \ + $(TOPLIBD)/libkrb5$(SHLIBEXT) +SHLIB_EXPLIBS=-lkrb5 -lcom_err -lk5crypto $(KDB5_DB_LIB) $(LIBS) +SHLIB_DIRS=-L$(TOPLIBD) +SHLIB_RDIRS=$(KRB5_LIBDIR) + +DBDIR = $(BUILDTOP)/util/db2 +DBOBJLISTS = $(DBOBJLISTS-@DB_VERSION@) +DBOBJLISTS-sys = +DBOBJLISTS-k5 = $(DBDIR)/hash/OBJS.ST $(DBDIR)/btree/OBJS.ST \ + $(DBDIR)/db/OBJS.ST $(DBDIR)/mpool/OBJS.ST $(DBDIR)/recno/OBJS.ST \ + $(DBDIR)/clib/OBJS.ST + +all:: lib$(LIB)$(SO_EXT) + +SRCS= \ + $(srcdir)/kdb_xdr.c \ + $(srcdir)/adb_openclose.c \ + $(srcdir)/adb_policy.c \ + $(srcdir)/kdb_db2.c \ + $(srcdir)/pol_xdr.c \ + $(srcdir)/db2_exp.c + +STOBJLISTS=OBJS.ST $(DBOBJLISTS) +STLIBOBJS= \ + kdb_xdr.o \ + adb_openclose.o \ + adb_policy.o \ + kdb_db2.o \ + pol_xdr.o \ + db2_exp.o + +all-unix:: all-liblinks +install-unix:: install-libs +clean-unix:: clean-liblinks clean-libs clean-libobjs + +lib$(LIB)$(SO_EXT): db2_exp.o # lib$(LIB)$(STLIBEXT) + $(CC) -shared -o $@ -L$(TOPLIBD) $^ -lgssrpc -ldb $(SHLIB_EXPLIBS) + +clean:: + $(RM) lib$(LIB)$(SO_EXT) db2_exp.o + + +t_kdb: t_kdb.o $(OBJS) $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o t_kdb t_kdb.o $(OBJS) $(KDB5_LIBS) $(KRB5_BASE_LIBS) + +check:: t_kdb + $(RM) test_db + $(KRB5_CONFIG_SETUP) $(KRB5_RUN_ENV) ./t_kdb -tcv + $(KRB5_CONFIG_SETUP) $(KRB5_RUN_ENV) ./t_kdb -tcvr + +clean:: + $(RM) t_kdb t_kdb.o + + +adb_openclose.c adb_policy.c : ../adb_err.h + +# @lib_frag@ +# @libobj_frag@ + +# +++ Dependency line eater +++ +# +# Makefile dependencies follow. This must be the last section in +# the Makefile.in file +# +kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): kdb_xdr.c \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + kdb_xdr.h +adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \ + adb_openclose.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + policy_db.h $(SRCTOP)/include/krb5/kdb.h $(DB_DEPS) \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ + $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h +adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \ + adb_policy.c policy_db.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ + $(DB_DEPS) $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ + $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h +kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): kdb_db2.c \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(DB_DEPS) $(srcdir)/../kdb5.h $(SRCTOP)/include/k5-int.h \ + $(srcdir)/../err_handle.h kdb_db2.h policy_db.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ + $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h kdb_xdr.h \ + kdb_compat.h +pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): pol_xdr.c \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ + $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ + $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ + $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ + $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ + $(BUILDTOP)/include/gssrpc/svc.h $(SRCTOP)/include/krb5/kdb.h \ + policy_db.h $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h $(DB_DEPS) ../adb_err.h +db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): db2_exp.c \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ + $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ + $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ + $(DB_DEPS) $(srcdir)/../kdb5.h $(SRCTOP)/include/k5-int.h \ + $(srcdir)/../err_handle.h kdb_db2.h policy_db.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ + $(BUILDTOP)/include/gssrpc/xdr.h ../adb_err.h kdb_xdr.h diff --git a/src/lib/kadm5/srv/adb_openclose.c b/src/lib/kdb/kdb_db2/adb_openclose.c similarity index 89% rename from src/lib/kadm5/srv/adb_openclose.c rename to src/lib/kdb/kdb_db2/adb_openclose.c index 7bb671e9c..97ce1123b 100644 --- a/src/lib/kadm5/srv/adb_openclose.c +++ b/src/lib/kdb/kdb_db2/adb_openclose.c @@ -11,8 +11,10 @@ static char *rcsid = "$Header$"; #include #include #include -#include "adb.h" +#include +#include "policy_db.h" #include +#include #define MAX_LOCK_TRIES 5 @@ -21,8 +23,8 @@ struct _locklist { struct _locklist *next; }; -osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename, - int magic) +krb5_error_code osa_adb_create_db(char *filename, char *lockfilename, + int magic) { int lf; DB *db; @@ -51,7 +53,7 @@ osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename, return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename, +krb5_error_code osa_adb_destroy_db(char *filename, char *lockfilename, int magic) { /* the admin databases do not contain security-critical data */ @@ -61,11 +63,11 @@ osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename, return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, +krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom, char *fileto, char *lockto, int magic) { osa_adb_db_t fromdb, todb; - osa_adb_ret_t ret; + krb5_error_code ret; /* make sure todb exists */ if ((ret = osa_adb_create_db(fileto, lockto, magic)) && @@ -78,12 +80,12 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, (void) osa_adb_fini_db(fromdb, magic); return ret; } - if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) { + if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return ret; } - if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) { + if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return ret; @@ -108,7 +110,7 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, return 0; } -osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename, +krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename, int magic) { osa_adb_db_t db; @@ -188,7 +190,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename, if (lockp->lockinfo.lockfile == NULL) { if ((code = krb5_init_context(&lockp->lockinfo.context))) { free(db); - return((osa_adb_ret_t) code); + return((krb5_error_code) code); } /* @@ -223,7 +225,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename, return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic) +krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic) { if (db->magic != magic) return EINVAL; @@ -242,7 +244,7 @@ osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic) * after trashing it. This has to be allowed, so don't * generate an error. */ - if (db->lock->lockmode != OSA_ADB_PERMANENT) + if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT) (void) fclose(db->lock->lockfile); db->lock->lockfile = NULL; krb5_free_context(db->lock->context); @@ -254,9 +256,9 @@ osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic) return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) +krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode) { - int tries, gotlock, perm, krb5_mode, ret; + int tries, gotlock, perm, krb5_mode, ret = 0; if (db->lock->lockmode >= mode) { /* No need to upgrade lock, just incr refcnt and return */ @@ -266,12 +268,12 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) perm = 0; switch (mode) { - case OSA_ADB_PERMANENT: + case KRB5_DB_LOCKMODE_PERMANENT: perm = 1; - case OSA_ADB_EXCLUSIVE: + case KRB5_DB_LOCKMODE_EXCLUSIVE: krb5_mode = KRB5_LOCKMODE_EXCLUSIVE; break; - case OSA_ADB_SHARED: + case KRB5_DB_LOCKMODE_SHARED: krb5_mode = KRB5_LOCKMODE_SHARED; break; default: @@ -284,7 +286,7 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) { gotlock++; break; - } else if (ret == EBADF && mode == OSA_ADB_EXCLUSIVE) + } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE) /* tried to exclusive-lock something we don't have */ /* write access to */ return OSA_ADB_NOEXCL_PERM; @@ -339,7 +341,7 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db) +krb5_error_code osa_adb_release_lock(osa_adb_db_t db) { int ret, fd; @@ -347,7 +349,7 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db) return OSA_ADB_NOTLOCKED; if (--db->lock->lockcnt == 0) { - if (db->lock->lockmode == OSA_ADB_PERMANENT) { + if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) { /* now we need to create the file since it does not exist */ fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL, 0600); @@ -363,7 +365,7 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db) return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype) +krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype) { int ret; @@ -395,7 +397,7 @@ open_ok: return OSA_ADB_OK; } -osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db) +krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db) { if (--db->opencnt) return osa_adb_release_lock(db); diff --git a/src/lib/kadm5/srv/adb_policy.c b/src/lib/kdb/kdb_db2/adb_policy.c similarity index 82% rename from src/lib/kadm5/srv/adb_policy.c rename to src/lib/kdb/kdb_db2/adb_policy.c index f081551d7..e338cbbd0 100644 --- a/src/lib/kadm5/srv/adb_policy.c +++ b/src/lib/kdb/kdb_db2/adb_policy.c @@ -10,12 +10,11 @@ static char *rcsid = "$Header$"; #include #include -#include "adb.h" +#include "policy_db.h" #include #include #include - #define OPENLOCK(db, mode) \ { \ int olret; \ @@ -34,42 +33,6 @@ static char *rcsid = "$Header$"; return cl_ret; \ } -osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params) -{ - return osa_adb_create_db(params->admin_dbname, - params->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_rename_policy_db(kadm5_config_params *fromparams, - kadm5_config_params *toparams) -{ - return osa_adb_rename_db(fromparams->admin_dbname, - fromparams->admin_lockfile, - toparams->admin_dbname, - toparams->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_destroy_policy_db(kadm5_config_params *params) -{ - return osa_adb_destroy_db(params->admin_dbname, - params->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_open_policy(osa_adb_princ_t *dbp, - kadm5_config_params *rparams) -{ - return osa_adb_init_db(dbp, rparams->admin_dbname, - rparams->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db) -{ - return osa_adb_fini_db(db, OSA_ADB_POLICY_DB_MAGIC); -} /* * Function: osa_adb_create_policy @@ -90,7 +53,7 @@ osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db) * the policy db. * */ -osa_adb_ret_t +krb5_error_code osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry) { DBT dbkey; @@ -98,7 +61,7 @@ osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry) XDR xdrs; int ret; - OPENLOCK(db, OSA_ADB_EXCLUSIVE); + OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); if(entry->name == NULL) { ret = EINVAL; @@ -165,13 +128,13 @@ error: * policy db. * */ -osa_adb_ret_t -osa_adb_destroy_policy(osa_adb_policy_t db, kadm5_policy_t name) +krb5_error_code +osa_adb_destroy_policy(osa_adb_policy_t db, char *name) { DBT dbkey; int status, ret; - OPENLOCK(db, OSA_ADB_EXCLUSIVE); + OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); if(name == NULL) { ret = EINVAL; @@ -211,15 +174,16 @@ error: * db (input) db handle * name (input) name of policy * entry (output) policy entry + * cnt (inout) Number of entries * 0 on success, error code on failure. * * Requires: * Effects: * Modifies: */ -osa_adb_ret_t -osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name, - osa_policy_ent_t *entry) +krb5_error_code +osa_adb_get_policy(osa_adb_policy_t db, char *name, + osa_policy_ent_t *entry, int *cnt) { DBT dbkey; DBT dbdata; @@ -227,7 +191,9 @@ osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name, int ret; char *aligned_data; - OPENLOCK(db, OSA_ADB_SHARED); + OPENLOCK(db, KRB5_DB_LOCKMODE_SHARED); + + *cnt = 1; if(name == NULL) { ret = EINVAL; @@ -239,7 +205,8 @@ osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name, dbdata.size = 0; switch((db->db->get(db->db, &dbkey, &dbdata, 0))) { case 1: - ret = OSA_ADB_NOENT; + ret = 0; + *cnt = 0; goto error; case 0: break; @@ -289,7 +256,7 @@ error: * [modifies] * */ -osa_adb_ret_t +krb5_error_code osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry) { DBT dbkey; @@ -298,7 +265,7 @@ osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry) XDR xdrs; int ret; - OPENLOCK(db, OSA_ADB_EXCLUSIVE); + OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); if(entry->name == NULL) { ret = EINVAL; @@ -356,7 +323,7 @@ error: * Effects: * Modifies: */ -osa_adb_ret_t +krb5_error_code osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func, void *data) { @@ -367,7 +334,7 @@ osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func, osa_policy_ent_t entry; char *aligned_data; - OPENLOCK(db, OSA_ADB_EXCLUSIVE); /* hmmm */ + OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); /* hmmm */ if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) { ret = errno; @@ -408,3 +375,15 @@ error: CLOSELOCK(db); return ret; } + +void +osa_free_policy_ent(osa_policy_ent_t val) +{ + XDR xdrs; + + xdrmem_create(&xdrs, NULL, 0, XDR_FREE); + + xdr_osa_policy_ent_rec(&xdrs, val); + + free(val); +} diff --git a/src/lib/kdb/kdb_db2/configure.in b/src/lib/kdb/kdb_db2/configure.in new file mode 100644 index 000000000..dc002d878 --- /dev/null +++ b/src/lib/kdb/kdb_db2/configure.in @@ -0,0 +1,22 @@ +AC_INIT(configure.in) +CONFIG_RULES +AC_CHECK_HEADERS(unistd.h) +AC_TYPE_MODE_T +AC_TYPE_OFF_T + +AC_CHECK_FUNCS(srand48 srand srandom umask) + +dnl AIX is unusual in that it wants all symbols resolved at link time +dnl Fortunately, it will allow us to link the kdb library now, even if +dnl it is linked again later. +case $krb5_cv_host in +*-*-aix*) + LIBS="$LIBS -ldb" + ;; +esac +KRB5_RUN_FLAGS +dnl The following is for check... +KRB5_BUILD_PROGRAM +KRB5_BUILD_LIBOBJS +KRB5_BUILD_LIBRARY_WITH_DEPS +V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/kdb/kdb_db2/db2_exp.c b/src/lib/kdb/kdb_db2/db2_exp.c new file mode 100644 index 000000000..f511487f1 --- /dev/null +++ b/src/lib/kdb/kdb_db2/db2_exp.c @@ -0,0 +1,64 @@ +/********************************************************************** +* +* C %name: db2_exp.c % +* Instance: idc_sec_2 +* Description: +* %created_by: spradeep % +* %date_created: Tue Apr 5 11:44:00 2005 % +* +**********************************************************************/ +#ifndef lint +static char *_csrc = "@(#) %filespec: db2_exp.c~5 % (%full_filespec: db2_exp.c~5:csrc:idc_sec#2 %)"; +#endif + +#if HAVE_UNISTD_H +#include +#endif + +#include "k5-int.h" +#include +#include +#include +#include +#include "../kdb5.h" +#include "kdb_db2.h" +#include "kdb_xdr.h" +#include "policy_db.h" + +/* + * Exposed API + */ + +kdb_vftabl krb5_db_vftabl_kdb_db2 = { + 1, /* major version number 1 */ + 0, /* minor version number 0 */ + 0, /* TBD. Not sure whether thread safe. For now, its not */ + /* init_library */ krb5_db2_lib_init, + /* fini_library */ krb5_db2_lib_cleanup, + /* init_module */ krb5_db2_open, + /* fini_module */ krb5_db2_db_fini, + /* db_create */ krb5_db2_create, + /* db_destroy */ krb5_db2_destroy, + /* db_get_age */ krb5_db2_db_get_age, + /* db_set_option */ krb5_db2_db_set_option, + /* db_lock */ krb5_db2_db_lock, + /* db_unlock */ krb5_db2_db_unlock, + /* db_get_principal */ krb5_db2_db_get_principal, + /* db_free_principal */ krb5_db2_db_free_principal, + /* db_put_principal */ krb5_db2_db_put_principal, + /* db_delete_principal */ krb5_db2_db_delete_principal, + /* db_iterate */ krb5_db2_db_iterate, + /* db_create_policy */ krb5_db2_create_policy, + /* db_get_policy */ krb5_db2_get_policy, + /* db_put_policy */ krb5_db2_put_policy, + /* db_iter_policy */ krb5_db2_iter_policy, + /* db_delete_policy */ krb5_db2_delete_policy, + /* db_free_policy */ krb5_db2_free_policy, + /* db_supported_realms */ NULL, + /* db_free_supported_realms */ NULL, + /* errcode_2_string */ NULL, + /* db_alloc */ krb5_db2_alloc, + /* db_free */ krb5_db2_free, + /* set_master_key */ krb5_db2_set_master_key_ext, + /* get_master_key */ krb5_db2_db_get_mkey +}; diff --git a/src/lib/kdb/kdb_compat.h b/src/lib/kdb/kdb_db2/kdb_compat.h similarity index 100% rename from src/lib/kdb/kdb_compat.h rename to src/lib/kdb/kdb_db2/kdb_compat.h diff --git a/src/lib/kdb/kdb_db2.c b/src/lib/kdb/kdb_db2/kdb_db2.c similarity index 68% rename from src/lib/kdb/kdb_db2.c rename to src/lib/kdb/kdb_db2/kdb_db2.c index bcd08a2fb..2ac462e89 100644 --- a/src/lib/kdb/kdb_db2.c +++ b/src/lib/kdb/kdb_db2/kdb_db2.c @@ -60,6 +60,12 @@ #include #include #include +#include "../kdb5.h" +#include "kdb_db2.h" +#include "kdb_xdr.h" +#include "policy_db.h" + +#define KDB_DB2_DATABASE_NAME "database_name" #define OLD_COMPAT_VERSION_1 @@ -71,14 +77,23 @@ static char *gen_dbsuffix (char *, char * ); -static krb5_error_code krb5_db2_db_start_update + +static krb5_error_code krb5_db2_db_start_update (krb5_context); -static krb5_error_code krb5_db2_db_end_update +static krb5_error_code krb5_db2_db_end_update (krb5_context); + +krb5_error_code +krb5_db2_db_set_name(krb5_context,char*); + +krb5_error_code krb5_db2_db_lock +( krb5_context, int ); + static krb5_error_code krb5_db2_db_set_hashfirst (krb5_context, int); static char default_db_name[] = DEFAULT_KDB_FILE; +krb5_set_err_func_t krb5_db2_dal_err_funcp = NULL; /* * Locking: @@ -129,8 +144,39 @@ static char default_db_name[] = DEFAULT_KDB_FILE; /* * Routines to deal with context. */ -#define k5db2_inited(c) (c && c->db_context && \ - ((krb5_db2_context *) c->db_context)->db_inited) +#define k5db2_inited(c) (c && c->db_context \ + && ((kdb5_dal_handle*)c->db_context)->db_context \ + && ((krb5_db2_context *) ((kdb5_dal_handle*)c->db_context)->db_context)->db_inited) + + +static +krb5_error_code +krb5_db2_get_db_opt( char *input, char **opt, char **val ) +{ + char *pos = strchr(input, '='); + if( pos == NULL ) + { + *opt = NULL; + *val = strdup(input); + if( *val == NULL ) + { + return ENOMEM; + } + } + else + { + *opt = malloc( (pos - input) + 1 ); + *val = strdup( pos + 1 ); + if( !*opt || !*val ) + { + return ENOMEM; + } + memcpy( *opt, input, pos - input); + (*opt)[pos - input] = '\0'; + } + return (0); + +} /* * Restore the default context. @@ -155,25 +201,30 @@ k5db2_clear_context(dbctx) dbctx->db_nb_locks = FALSE; } + static krb5_error_code k5db2_init_context(context) krb5_context context; { krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; + + dal_handle = (kdb5_dal_handle*) context->db_context; - if (context->db_context == NULL) { + if ( dal_handle->db_context == NULL) { db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context)); if (db_ctx == NULL) return ENOMEM; else { memset((char *) db_ctx, 0, sizeof(krb5_db2_context)); k5db2_clear_context((krb5_db2_context *)db_ctx); - context->db_context = (void *) db_ctx; + dal_handle->db_context = (void *) db_ctx; } } return(0); } + /* * Utility routine: generate name of database file. */ @@ -196,6 +247,7 @@ gen_dbsuffix(db_name, sfx) return dbsuffix; } + static DB * k5db2_dbopen(dbc, fname, flags, mode) krb5_db2_context *dbc; @@ -248,10 +300,12 @@ krb5_db2_db_set_hashfirst(context, hashfirst) int hashfirst; { krb5_db2_context *dbc; + kdb5_dal_handle *dal_handle; if (k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - dbc = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + dbc = (krb5_db2_context *) dal_handle->db_context; dbc->hashfirst = hashfirst; return 0; } @@ -267,6 +321,8 @@ krb5_db2_db_init(context) char *filename = NULL; krb5_db2_context *db_ctx; krb5_error_code retval; + kdb5_dal_handle *dal_handle; + char policy_db_name[1024], policy_lock_name[1024]; if (k5db2_inited(context)) return 0; @@ -275,7 +331,8 @@ krb5_db2_db_init(context) if ((retval = k5db2_init_context(context))) return(retval); - db_ctx = context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = dal_handle->db_context; db_ctx->db = NULL; if (!(filename = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT))) @@ -297,6 +354,14 @@ krb5_db2_db_init(context) if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time))) goto err_out; + sprintf( policy_db_name, "%s.kadm5", db_ctx->db_name ); + sprintf( policy_lock_name, "%s.lock", policy_db_name ); + + if( (retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name, + policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)) ) + { + goto err_out; + } return 0; err_out: @@ -305,6 +370,7 @@ err_out: return (retval); } + /* * gracefully shut down database--must be called by ANY program that does * a krb5_db2_db_init @@ -315,8 +381,15 @@ krb5_db2_db_fini(context) { krb5_error_code retval = 0; krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + if( dal_handle == NULL ) + { + return 0; + } + + db_ctx = (krb5_db2_context *) dal_handle->db_context; if (k5db2_inited(context)) { if (close(db_ctx->db_lf_file)) @@ -325,13 +398,22 @@ krb5_db2_db_fini(context) retval = 0; } if (db_ctx) { + if( db_ctx->policy_db ) + { + retval = osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC); + if( retval ) + return retval; + } + k5db2_clear_context(db_ctx); - free(context->db_context); - context->db_context = NULL; + /* free(dal_handle->db_context); */ + dal_handle->db_context = NULL; } return retval; } +#if 0 // pradx + krb5_error_code krb5_db2_db_open_database(context) krb5_context context; @@ -350,6 +432,8 @@ krb5_db2_db_close_database(context) return 0; } +#endif // 0 -pradx + /* * Set/Get the master key associated with the database */ @@ -359,11 +443,13 @@ krb5_db2_db_set_mkey(context, key) krb5_keyblock *key; { krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; if (!k5db2_inited(context)) return(KRB5_KDB_DBNOTINITED); - db_ctx = context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = dal_handle->db_context; db_ctx->db_master_key = key; return 0; } @@ -374,11 +460,13 @@ krb5_db2_db_get_mkey(context, key) krb5_keyblock **key; { krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; if (!k5db2_inited(context)) return(KRB5_KDB_DBNOTINITED); - db_ctx = context->db_context; + dal_handle = (kdb5_dal_handle*)context->db_context; + db_ctx = dal_handle->db_context; *key = db_ctx->db_master_key; return 0; @@ -401,6 +489,7 @@ krb5_db2_db_set_name(context, name) DB *db; krb5_db2_context *db_ctx; krb5_error_code kret; + kdb5_dal_handle *dal_handle; if (k5db2_inited(context)) return KRB5_KDB_DBINITED; @@ -412,7 +501,8 @@ krb5_db2_db_set_name(context, name) if (name == NULL) name = default_db_name; - db_ctx = context->db_context; + dal_handle = (kdb5_dal_handle*)context->db_context; + db_ctx = dal_handle->db_context; db = k5db2_dbopen(db_ctx, name, O_RDONLY, 0); if (db == NULL) return errno; @@ -435,11 +525,14 @@ krb5_db2_db_get_age(context, db_name, age) time_t *age; { krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; struct stat st; if (!k5db2_inited(context)) return(KRB5_KDB_DBNOTINITED); - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle *) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; + if (fstat (db_ctx->db_lf_file, &st) < 0) *age = -1; else @@ -468,6 +561,7 @@ krb5_db2_db_end_update(context) { krb5_error_code retval; krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; struct stat st; time_t now; struct utimbuf utbuf; @@ -476,7 +570,8 @@ krb5_db2_db_end_update(context) return(KRB5_KDB_DBNOTINITED); retval = 0; - db_ctx = context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = dal_handle->db_context; now = time((time_t *) NULL); if (fstat(db_ctx->db_lf_file, &st) == 0) { if (st.st_mtime >= now) { @@ -502,24 +597,43 @@ krb5_db2_db_end_update(context) } krb5_error_code -krb5_db2_db_lock(context, mode) +krb5_db2_db_lock(context, in_mode) krb5_context context; - int mode; + int in_mode; { krb5_db2_context *db_ctx; int krb5_lock_mode; DB *db; krb5_error_code retval; time_t mod_time; + kdb5_dal_handle *dal_handle; + int mode = in_mode & ~KRB5_DB_LOCKMODE_PERMANENT; /* permanent is not available for principal db */ + + switch( in_mode ) + { + case KRB5_DB_LOCKMODE_PERMANENT: + mode = KRB5_DB_LOCKMODE_EXCLUSIVE; + break; + case KRB5_DB_LOCKMODE_EXCLUSIVE: + mode = KRB5_LOCKMODE_EXCLUSIVE; + break; + + case KRB5_DB_LOCKMODE_SHARED: + mode = KRB5_LOCKMODE_SHARED; + break; + default: + return EINVAL; + } if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; if (db_ctx->db_locks_held && (db_ctx->db_lock_mode >= mode)) { /* No need to upgrade lock, just return */ db_ctx->db_locks_held++; - return(0); + goto policy_lock; } if ((mode != KRB5_LOCKMODE_SHARED) && (mode != KRB5_LOCKMODE_EXCLUSIVE)) @@ -557,27 +671,42 @@ krb5_db2_db_lock(context, mode) db_ctx->db_lock_mode = mode; db_ctx->db_locks_held++; - return 0; + + policy_lock: + if((retval=osa_adb_get_lock(db_ctx->policy_db, in_mode))) + { + krb5_db2_db_unlock(context); + } + return retval; lock_error:; db_ctx->db_lock_mode = 0; db_ctx->db_locks_held = 0; - (void) krb5_db2_db_unlock(context); + krb5_db2_db_unlock(context); return retval; } + krb5_error_code krb5_db2_db_unlock(context) krb5_context context; { krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; DB *db; krb5_error_code retval; if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; + + if( (retval = osa_adb_release_lock(db_ctx->policy_db)) ) + { + return retval; + } + if (!db_ctx->db_locks_held) /* lock already unlocked */ return KRB5_KDB_NOTLOCKED; db = db_ctx->db; @@ -603,15 +732,18 @@ krb5_db2_db_create(context, db_name, flags) krb5_int32 flags; { register krb5_error_code retval = 0; + kdb5_dal_handle *dal_handle; char *okname; int fd; krb5_db2_context *db_ctx; DB *db; + char policy_db_name[1024], policy_lock_name[1024]; if ((retval = k5db2_init_context(context))) return(retval); - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; switch (flags) { case KRB5_KDB_CREATE_HASH: if ((retval = krb5_db2_db_set_hashfirst(context, TRUE))) @@ -643,6 +775,14 @@ krb5_db2_db_create(context, db_name, flags) free_dbsuffix(okname); } } + + sprintf( policy_db_name, "%s.kadm5", db_name ); + sprintf( policy_lock_name, "%s.lock", policy_db_name ); + + retval = osa_adb_create_db( policy_db_name, + policy_lock_name, OSA_ADB_POLICY_DB_MAGIC); + + return retval; } @@ -748,9 +888,10 @@ krb5_db2_db_destroy(context, dbname) { krb5_error_code retval1, retval2; krb5_boolean tmpcontext; + char policy_db_name[1024], policy_lock_name[1024]; tmpcontext = 0; - if (!context->db_context) { + if ( !context->db_context || !((kdb5_dal_handle*)context->db_context)->db_context ) { tmpcontext = 1; if ((retval1 = k5db2_init_context(context))) return(retval1); @@ -761,17 +902,25 @@ krb5_db2_db_destroy(context, dbname) retval2 = destroy_file_suffix(dbname, KDB2_LOCK_EXT); if (tmpcontext) { - k5db2_clear_context((krb5_db2_context *) context->db_context); - free(context->db_context); - context->db_context = NULL; + k5db2_clear_context((krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context ); + free(((kdb5_dal_handle*)context->db_context)->db_context); + ((kdb5_dal_handle*)context->db_context)->db_context = NULL; } if (retval1 || retval2) return (retval1 ? retval1 : retval2); - else - return 0; + + sprintf( policy_db_name, "%s.kadm5", dbname ); + sprintf( policy_lock_name, "%s.lock", policy_db_name ); + + retval1 = osa_adb_destroy_db( policy_db_name, + policy_lock_name, OSA_ADB_POLICY_DB_MAGIC); + + return retval1; } +#if 0 // -pradx + /* * "Atomically" rename the database in a way that locks out read * access in the middle of the rename. @@ -791,13 +940,15 @@ krb5_db2_db_rename(context, from, to) DB *db; char *fromok; krb5_error_code retval; + kdb5_dal_handle *dal_handle; krb5_db2_context *s_context, *db_ctx; - s_context = context->db_context; - context->db_context = NULL; + dal_handle = (kdb5_dal_handle*) context->db_context; + s_context = dal_handle->db_context; + dal_handle->db_context = NULL; if ((retval = k5db2_init_context(context))) return retval; - db_ctx = (krb5_db2_context *) context->db_context; + db_ctx = (krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context; /* * Create the database if it does not already exist; the @@ -860,21 +1011,23 @@ krb5_db2_db_rename(context, from, to) errfromok: free_dbsuffix(fromok); errout: - if (context->db_context) { + if ( ((kdb5_dal_handle*)context->db_context)->db_context ) { if (db_ctx->db_lf_file >= 0) { krb5_db2_db_unlock(context); close(db_ctx->db_lf_file); } - k5db2_clear_context((krb5_db2_context *) context->db_context); - free(context->db_context); + k5db2_clear_context((krb5_db2_context *) ((kdb5_dal_handle*)context->db_context)->db_context); + free(((kdb5_dal_handle*)context->db_context)->db_context); } - context->db_context = s_context; + ((kdb5_dal_handle*)context->db_context)->db_context = s_context; (void) krb5_db2_db_unlock(context); /* unlock saved context db */ return retval; } +#endif // 0 - pradx + /* * look up a principal in the data base. * returns number of entries found, and whether there were @@ -894,7 +1047,8 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more) DB *db; DBT key, contents; krb5_data keydata, contdata; - int trynum, dbret; + int try, dbret; + kdb5_dal_handle *dal_handle; *more = FALSE; *nentries = 0; @@ -902,8 +1056,10 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more) if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; - for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) { + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; + + for (try = 0; try < KRB5_DB2_MAX_RETRY; try++) { if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) { if (db_ctx->db_nb_locks) return(retval); @@ -912,7 +1068,7 @@ krb5_db2_db_get_principal(context, searchfor, entries, nentries, more) } break; } - if (trynum == KRB5_DB2_MAX_RETRY) + if (try == KRB5_DB2_MAX_RETRY) return KRB5_KDB_DB_INUSE; /* XXX deal with wildcard lookups */ @@ -950,7 +1106,7 @@ cleanup: /* Free stuff returned by krb5_db2_db_get_principal. */ -void +krb5_error_code krb5_db2_db_free_principal(context, entries, nentries) krb5_context context; krb5_db_entry *entries; @@ -959,7 +1115,7 @@ krb5_db2_db_free_principal(context, entries, nentries) register int i; for (i = 0; i < nentries; i++) krb5_dbe_free_contents(context, &entries[i]); - return; + return 0; } /* @@ -973,10 +1129,11 @@ krb5_db2_db_free_principal(context, entries, nentries) */ krb5_error_code -krb5_db2_db_put_principal(context, entries, nentries) +krb5_db2_db_put_principal(context, entries, nentries, db_args) krb5_context context; krb5_db_entry *entries; register int *nentries; /* number of entry structs to update */ + char **db_args; { int i, n, dbret; DB *db; @@ -984,13 +1141,24 @@ krb5_db2_db_put_principal(context, entries, nentries) krb5_data contdata, keydata; krb5_error_code retval; krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; + + if( db_args ) + { + /* DB2 does not support db_args DB arguments for principal */ + char buf[KRB5_MAX_ERR_STR]; + sprintf(buf, "Unsupported argument \"%s\" for db2", db_args[0]); + krb5_db2_dal_err_funcp( context, krb5_err_have_str, EINVAL, buf); + return EINVAL; + } n = *nentries; *nentries = 0; if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE))) return retval; @@ -1048,11 +1216,13 @@ krb5_db2_db_delete_principal(context, searchfor, nentries) DBT key, contents; krb5_data keydata, contdata; int i, dbret; + kdb5_dal_handle *dal_handle; if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE))) return(retval); @@ -1131,6 +1301,7 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive) krb5_data contdata; krb5_db_entry entries; krb5_error_code retval; + kdb5_dal_handle *dal_handle; int dbret; void *cookie; @@ -1138,7 +1309,8 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive) if (!k5db2_inited(context)) return KRB5_KDB_DBNOTINITED; - db_ctx = (krb5_db2_context *) context->db_context; + dal_handle = (kdb5_dal_handle*) context->db_context; + db_ctx = (krb5_db2_context *) dal_handle->db_context; retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED); if (retval) @@ -1198,14 +1370,15 @@ krb5_db2_db_iterate_ext(context, func, func_arg, backwards, recursive) } krb5_error_code -krb5_db2_db_iterate(context, func, func_arg) - krb5_context context; - krb5_error_code (*func) (krb5_pointer, krb5_db_entry *); - krb5_pointer func_arg; +krb5_db2_db_iterate( krb5_context context, + char *match_expr, + krb5_error_code (*func) (krb5_pointer, krb5_db_entry *), + krb5_pointer func_arg ) { return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0); } + krb5_boolean krb5_db2_db_set_lockmode(context, mode) krb5_context context; @@ -1213,15 +1386,18 @@ krb5_db2_db_set_lockmode(context, mode) { krb5_boolean old; krb5_db2_context *db_ctx; + kdb5_dal_handle *dal_handle; + dal_handle = (kdb5_dal_handle*) context->db_context; old = mode; - if ((db_ctx = (krb5_db2_context *) context->db_context)) { + if ( dal_handle && (db_ctx = (krb5_db2_context *) dal_handle->db_context)) { old = db_ctx->db_nb_locks; db_ctx->db_nb_locks = mode; } return old; } +#if 0 // -pradx /* * Context serialization operations. * @@ -1384,7 +1560,7 @@ kdb5_context_internalize(kcontext, argp, buffer, lenremain) dbctx = (krb5_db2_context *) tmpctx->db_context; (void) krb5_db2_db_set_lockmode(tmpctx, 0); if (lockmode) - kret = krb5_db_lock(tmpctx, lockmode); + kret = krb5_db2_db_lock(tmpctx, lockmode); if (!kret && lockmode) dbctx->db_locks_held = lockcount; nb_lock = nb_lockmode & 0xff; @@ -1432,3 +1608,393 @@ krb5_ser_db_context_init(kcontext) { return(krb5_register_serializer(kcontext, &kdb5_context_ser_entry)); } + +#endif // 0 - pradx + +/* + * DAL API functions + */ +krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t set_err) +{ + krb5_db2_dal_err_funcp = set_err; + return 0; +} + +krb5_error_code krb5_db2_lib_cleanup() +{ + /* right now, no cleanup required */ + return 0; +} + +krb5_error_code krb5_db2_open( krb5_context kcontext, + char *conf_section, + char **db_args, + int mode ) +{ + krb5_error_code status = 0; + char **t_ptr = db_args; + char db_name_set = 0; + + if (k5db2_inited(kcontext)) + return 0; + + + while ( t_ptr && *t_ptr ) + { + char *opt = NULL, *val = NULL; + + krb5_db2_get_db_opt( *t_ptr, &opt, &val ); + if( opt && !strcmp( opt, "dbname" ) ) + { + status = krb5_db2_db_set_name( kcontext, val ); + if( status ) + { + free(opt); + free(val); + goto clean_n_exit; + } + db_name_set = 1; + } + /* ignore hash argument. Might have been passed from create */ + else if( !opt || strcmp( opt, "hash") ) + { + char buf[KRB5_MAX_ERR_STR]; + sprintf(buf, "Unsupported argument \"%s\" for db2", opt?opt:val); + krb5_db2_dal_err_funcp( kcontext, krb5_err_have_str, EINVAL, buf); + free(opt); + free(val); + return EINVAL; + } + + free(opt); + free(val); + t_ptr++; + } + + if( !db_name_set ) + { + char *value = NULL; + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, + conf_section, KDB_DB2_DATABASE_NAME, /* under given conf section */ + NULL, &value ); + + + if( value == NULL ) + { + /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */ + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, + KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME, /* under given realm */ + default_db_name, &value ); + if( status ) + { + goto clean_n_exit; + } + } + + status = krb5_db2_db_set_name( kcontext, value ); + profile_release_string( value ); + if( status ) + { + goto clean_n_exit; + } + + } + + status = krb5_db2_db_init( kcontext ); + + clean_n_exit: + return status; +} + + +krb5_error_code krb5_db2_create( krb5_context kcontext, + char *conf_section, + char **db_args ) +{ + krb5_error_code status = 0; + char **t_ptr = db_args; + char db_name_set = 0; + krb5_int32 flags = KRB5_KDB_CREATE_BTREE; + char *db_name = NULL; + + if (k5db2_inited(kcontext)) + return 0; + + + while ( t_ptr && *t_ptr ) + { + char *opt = NULL, *val = NULL; + + krb5_db2_get_db_opt( *t_ptr, &opt, &val ); + if( opt && !strcmp( opt, "dbname" ) ) + { + db_name = strdup(val); + status = krb5_db2_db_set_name( kcontext, val ); + if( !status ) + { + status = EEXIST; + free(opt); + free(val); + goto clean_n_exit; + } + db_name_set = 1; + } + /* ignore hash argument. Might have been passed from create */ + else if( opt && !strcmp( opt, "hash") ) + { + flags=KRB5_KDB_CREATE_HASH; + } + else + { + char buf[KRB5_MAX_ERR_STR]; + sprintf(buf, "Unsupported argument \"%s\" for db2", opt?opt:val); + krb5_db2_dal_err_funcp( kcontext, krb5_err_have_str, EINVAL, buf); + free(opt); + free(val); + return EINVAL; + } + + free(opt); + free(val); + t_ptr++; + } + + if( !db_name_set ) + { + char *value = NULL; + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, + conf_section, KDB_DB2_DATABASE_NAME, /* under given conf section */ + NULL, &value ); + + + if( value == NULL ) + { + /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */ + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, + KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME, /* under given realm */ + default_db_name, &value ); + if( status ) + { + goto clean_n_exit; + } + } + + db_name = strdup( value ); + status = krb5_db2_db_set_name( kcontext, value ); + profile_release_string( value ); + if( !status ) + { + status = EEXIST; + goto clean_n_exit; + } + + } + + status = krb5_db2_db_create( kcontext, db_name, flags ); + if( status ) + goto clean_n_exit; + /* db2 has a problem of needing to close and open the database again. This removes that need */ + status = krb5_db2_db_fini(kcontext); + if( status ) + goto clean_n_exit; + + status = krb5_db2_open( kcontext, conf_section, db_args, KRB5_KDB_OPEN_RW ); + + clean_n_exit: + if( db_name ) + free( db_name ); + return status; +} + +krb5_error_code krb5_db2_destroy( krb5_context kcontext, + char *conf_section, + char **db_args ) +{ + krb5_error_code status = 0; + char **t_ptr = db_args; + char db_name_set = 0; + char *db_name = NULL; + + while ( t_ptr && *t_ptr ) + { + char *opt = NULL, *val = NULL; + + krb5_db2_get_db_opt( *t_ptr, &opt, &val ); + if( opt && !strcmp( opt, "dbname" ) ) + { + db_name = strdup(val); + status = krb5_db2_db_set_name( kcontext, val ); + if( status ) + { + free(opt); + free(val); + goto clean_n_exit; + } + db_name_set = 1; + } + /* ignore hash argument. Might have been passed from create */ + else if( !opt || strcmp( opt, "hash") ) + { + free(opt); + free(val); + return EINVAL; + } + + free(opt); + free(val); + t_ptr++; + } + + if( !db_name_set ) + { + char *value = NULL; + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, + conf_section, KDB_DB2_DATABASE_NAME, /* under given conf section */ + NULL, &value ); + + + if( value == NULL ) + { + /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */ + status = profile_get_string( KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, + KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME, /* under given realm */ + default_db_name, &value ); + if( status ) + { + goto clean_n_exit; + } + } + + db_name = strdup(value); + status = krb5_db2_db_set_name( kcontext, value ); + profile_release_string( value ); + if( status ) + { + goto clean_n_exit; + } + + } + + status = krb5_db2_db_destroy( kcontext, db_name ); + + clean_n_exit: + if( db_name ) + free(db_name); + return status; +} + +krb5_error_code krb5_db2_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key) +{ + return krb5_db2_db_set_mkey( kcontext, key ); +} + +krb5_error_code krb5_db2_db_set_option ( krb5_context kcontext, int option, void *value ) +{ + krb5_error_code status = 0; + krb5_boolean oldval; + + switch(option) + { + case KRB5_KDB_OPT_SET_DB_NAME: + status = krb5_db2_db_set_name( kcontext, (char *)value); + break; + + case KRB5_KDB_OPT_SET_LOCK_MODE: + oldval = krb5_db2_db_set_lockmode( kcontext, *((krb5_boolean*)value) ); + *((krb5_boolean*)value) = oldval; + break; + + default: + status = -1; /* TBD */ + break; + } + + return status; +} + +void * krb5_db2_alloc( krb5_context kcontext, void *ptr, size_t size ) +{ + return realloc(ptr, size); +} + +void krb5_db2_free( krb5_context kcontext, void *ptr ) +{ + free(ptr); +} + + +/* policy functions */ +krb5_error_code krb5_db2_create_policy( krb5_context kcontext, + osa_policy_ent_t policy ) +{ + kdb5_dal_handle *dal_handle; + krb5_db2_context *dbc; + + dal_handle = (kdb5_dal_handle*) kcontext->db_context; + dbc = (krb5_db2_context*) dal_handle->db_context; + + return osa_adb_create_policy( dbc->policy_db, policy ); +} + +krb5_error_code krb5_db2_get_policy ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *cnt) +{ + kdb5_dal_handle *dal_handle; + krb5_db2_context *dbc; + + dal_handle = (kdb5_dal_handle*) kcontext->db_context; + dbc = (krb5_db2_context*) dal_handle->db_context; + + return osa_adb_get_policy( dbc->policy_db, name, policy, cnt ); +} + +krb5_error_code krb5_db2_put_policy ( krb5_context kcontext, + osa_policy_ent_t policy ) +{ + kdb5_dal_handle *dal_handle; + krb5_db2_context *dbc; + + dal_handle = (kdb5_dal_handle*) kcontext->db_context; + dbc = (krb5_db2_context*) dal_handle->db_context; + + return osa_adb_put_policy( dbc->policy_db, policy ); +} + +krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data ) +{ + kdb5_dal_handle *dal_handle; + krb5_db2_context *dbc; + + dal_handle = (kdb5_dal_handle*) kcontext->db_context; + dbc = (krb5_db2_context*) dal_handle->db_context; + + return osa_adb_iter_policy( dbc->policy_db, func, data ); +} + + +krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext, + char *policy ) +{ + kdb5_dal_handle *dal_handle; + krb5_db2_context *dbc; + + dal_handle = (kdb5_dal_handle*) kcontext->db_context; + dbc = (krb5_db2_context*) dal_handle->db_context; + + return osa_adb_destroy_policy( dbc->policy_db, policy ); +} + + +void krb5_db2_free_policy( krb5_context kcontext, + osa_policy_ent_t entry ) +{ + osa_free_policy_ent(entry); +} + diff --git a/src/lib/kdb/kdb_db2.h b/src/lib/kdb/kdb_db2/kdb_db2.h similarity index 58% rename from src/lib/kdb/kdb_db2.h rename to src/lib/kdb/kdb_db2/kdb_db2.h index 80f949596..ba03ea36f 100644 --- a/src/lib/kdb/kdb_db2.h +++ b/src/lib/kdb/kdb_db2/kdb_db2.h @@ -27,29 +27,9 @@ * KDC Database backend definitions for Berkely DB. */ #ifndef KRB5_KDB_DB2_H +#define KRB5_KDB_DB2_H -/* renaming kludge */ -#define krb5_db2_db_set_name krb5_db_set_name -#define krb5_db2_db_set_nonblocking krb5_db_set_nonblocking -#define krb5_db2_db_init krb5_db_init -#define krb5_db2_db_fini krb5_db_fini -#define krb5_db2_db_get_age krb5_db_get_age -#define krb5_db2_db_create krb5_db_create -#define krb5_db2_db_destroy krb5_db_destroy -#define krb5_db2_db_rename krb5_db_rename -#define krb5_db2_db_get_principal krb5_db_get_principal -#define krb5_db2_db_free_principal krb5_db_free_principal -#define krb5_db2_db_put_principal krb5_db_put_principal -#define krb5_db2_db_delete_principal krb5_db_delete_principal -#define krb5_db2_db_iterate_ext krb5_db_iterate_ext -#define krb5_db2_db_iterate krb5_db_iterate -#define krb5_db2_db_lock krb5_db_lock -#define krb5_db2_db_unlock krb5_db_unlock -#define krb5_db2_db_set_lockmode krb5_db_set_lockmode -#define krb5_db2_db_close_database krb5_db_close_database -#define krb5_db2_db_open_database krb5_db_open_database -#define krb5_db2_db_set_mkey krb5_db_set_mkey -#define krb5_db2_db_get_mkey krb5_db_get_mkey +#include "policy_db.h" typedef struct _krb5_db2_context { krb5_boolean db_inited; /* Context initialized */ @@ -63,6 +43,7 @@ typedef struct _krb5_db2_context { int db_lock_mode; /* Last lock mode, e.g. greatest*/ krb5_boolean db_nb_locks; /* [Non]Blocking lock modes */ krb5_keyblock *db_master_key; /* Master key of database */ + osa_adb_policy_t policy_db; } krb5_db2_context; #define KRB5_DB2_MAX_RETRY 5 @@ -97,21 +78,23 @@ krb5_error_code krb5_db2_db_get_principal krb5_db_entry *, int *, krb5_boolean * ); -void krb5_db2_db_free_principal +krb5_error_code krb5_db2_db_free_principal (krb5_context, krb5_db_entry *, int ); krb5_error_code krb5_db2_db_put_principal (krb5_context, - krb5_db_entry *, - int * ); + krb5_db_entry *, + int *, + char **db_args + ); krb5_error_code krb5_db2_db_iterate_ext (krb5_context, krb5_error_code (*) (krb5_pointer, krb5_db_entry *), krb5_pointer, int, int ); krb5_error_code krb5_db2_db_iterate - (krb5_context, +(krb5_context,char *, krb5_error_code (*) (krb5_pointer, krb5_db_entry *), krb5_pointer ); @@ -127,4 +110,107 @@ krb5_error_code krb5_db2_db_open_database krb5_error_code krb5_db2_db_close_database (krb5_context); +krb5_error_code +krb5_db2_set_master_key_ext ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key); + +krb5_error_code +krb5_db2_db_set_mkey( krb5_context context, + krb5_keyblock *key); + +krb5_error_code +krb5_db2_db_get_mkey( krb5_context context, + krb5_keyblock **key); + +krb5_error_code +krb5_db2_db_put_principal( krb5_context context, + krb5_db_entry *entries, + register int *nentries, + char **db_args); + +krb5_error_code +krb5_db2_db_delete_principal(krb5_context context, + krb5_const_principal searchfor, + int *nentries); + +krb5_error_code krb5_db2_lib_init(krb5_set_err_func_t); + +krb5_error_code krb5_db2_lib_cleanup(void); + +krb5_error_code +krb5_db2_db_unlock(krb5_context); + +krb5_error_code +krb5_db2_db_set_option ( krb5_context kcontext, + int option, + void *value ); + +krb5_error_code +krb5_db2_db_lock( krb5_context context, + int in_mode); + + +krb5_error_code +krb5_db2_open( krb5_context kcontext, + char *conf_section, + char **db_args, + int mode ); + +krb5_error_code krb5_db2_create( krb5_context kcontext, + char *conf_section, + char **db_args ); + +krb5_error_code krb5_db2_destroy( krb5_context kcontext, + char *conf_section, + char **db_args ); + +const char * krb5_db2_err2str( krb5_context kcontext, + long err_code ); + +void * +krb5_db2_alloc( krb5_context kcontext, + void *ptr, + size_t size ); + +void +krb5_db2_free( krb5_context kcontext, + void *ptr ); + + + + + +/* policy management functions */ +krb5_error_code +krb5_db2_create_policy(krb5_context context, osa_policy_ent_t entry); + +krb5_error_code krb5_db2_get_policy ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *cnt); + +krb5_error_code krb5_db2_get_policy ( krb5_context kcontext, + char *name, + osa_policy_ent_t *policy, + int *cnt); + +krb5_error_code krb5_db2_put_policy ( krb5_context kcontext, + osa_policy_ent_t policy ); + +krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext, + char *match_entry, + osa_adb_iter_policy_func func, + void *data ); + +krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext, + char *policy ); + +void krb5_db2_free_policy( krb5_context kcontext, + osa_policy_ent_t entry ); + + + +extern krb5_set_err_func_t krb5_db2_dal_err_funcp; + #endif /* KRB5_KDB_DB2_H */ diff --git a/src/lib/kdb/kdb_xdr.c b/src/lib/kdb/kdb_db2/kdb_xdr.c similarity index 99% rename from src/lib/kdb/kdb_xdr.c rename to src/lib/kdb/kdb_db2/kdb_xdr.c index fb0a41ea4..a5332ea6d 100644 --- a/src/lib/kdb/kdb_xdr.c +++ b/src/lib/kdb/kdb_db2/kdb_xdr.c @@ -29,6 +29,7 @@ #include #include #include +#include "kdb_xdr.h" #define safe_realloc(p,n) ((p)?(realloc(p,n)):(malloc(n))) @@ -768,6 +769,7 @@ krb5_dbe_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype, dbentp->key_data[i].key_data_type[0], &similar))) + return(ret); } diff --git a/src/lib/kdb/kdb_db2/kdb_xdr.h b/src/lib/kdb/kdb_db2/kdb_xdr.h new file mode 100644 index 000000000..2ee068fbd --- /dev/null +++ b/src/lib/kdb/kdb_db2/kdb_xdr.h @@ -0,0 +1,32 @@ +#ifndef _KDB2_XDR_H +#define _KDB2_XDR_H + +krb5_error_code +krb5_encode_princ_dbkey( krb5_context context, + krb5_data *key, + krb5_const_principal principal); + +krb5_error_code +krb5_decode_princ_contents( krb5_context context, + krb5_data * content, + krb5_db_entry * entry); + +void +krb5_dbe_free_contents( krb5_context context, + krb5_db_entry * entry); + +krb5_error_code +krb5_encode_princ_contents( krb5_context context, + krb5_data * content, + krb5_db_entry * entry); + + +void +krb5_free_princ_dbkey( krb5_context context, + krb5_data *key); + +void +krb5_free_princ_contents( krb5_context context, + krb5_data *contents); + +#endif diff --git a/src/lib/kdb/kdb_db2/libkdb_db2.exports b/src/lib/kdb/kdb_db2/libkdb_db2.exports new file mode 100644 index 000000000..b6902ebda --- /dev/null +++ b/src/lib/kdb/kdb_db2/libkdb_db2.exports @@ -0,0 +1 @@ +krb5_db_vftabl_kdb_db2 diff --git a/src/lib/kdb/kdb_db2/pol_xdr.c b/src/lib/kdb/kdb_db2/pol_xdr.c new file mode 100644 index 000000000..37761080a --- /dev/null +++ b/src/lib/kdb/kdb_db2/pol_xdr.c @@ -0,0 +1,88 @@ +#include +#include +#include +#include +#include "policy_db.h" +#ifdef HAVE_MEMORY_H +#include +#endif + +bool_t xdr_nullstring(XDR *xdrs, char **objp) +{ + u_int size; + + if (xdrs->x_op == XDR_ENCODE) { + if (*objp == NULL) + size = 0; + else + size = strlen(*objp) + 1; + } + if (! xdr_u_int(xdrs, &size)) { + return FALSE; + } + switch (xdrs->x_op) { + case XDR_DECODE: + if (size == 0) { + *objp = NULL; + return TRUE; + } else if (*objp == NULL) { + *objp = (char *) mem_alloc(size); + if (*objp == NULL) { + errno = ENOMEM; + return FALSE; + } + } + return (xdr_opaque(xdrs, *objp, size)); + + case XDR_ENCODE: + if (size != 0) + return (xdr_opaque(xdrs, *objp, size)); + return TRUE; + + case XDR_FREE: + if (*objp != NULL) + mem_free(*objp, size); + *objp = NULL; + return TRUE; + } + + return FALSE; +} + + + +bool_t +xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp) +{ + switch (xdrs->x_op) { + case XDR_ENCODE: + objp->version = OSA_ADB_POLICY_VERSION_1; + /* fall through */ + case XDR_FREE: + if (!xdr_int(xdrs, &objp->version)) + return FALSE; + break; + case XDR_DECODE: + if (!xdr_int(xdrs, &objp->version)) + return FALSE; + if (objp->version != OSA_ADB_POLICY_VERSION_1) + return FALSE; + break; + } + + if(!xdr_nullstring(xdrs, &objp->name)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->pw_min_life)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->pw_max_life)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->pw_min_length)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->pw_min_classes)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->pw_history_num)) + return (FALSE); + if (!xdr_u_int32(xdrs, &objp->policy_refcnt)) + return (FALSE); + return (TRUE); +} diff --git a/src/lib/kdb/kdb_db2/policy_db.h b/src/lib/kdb/kdb_db2/policy_db.h new file mode 100644 index 000000000..772b24d07 --- /dev/null +++ b/src/lib/kdb/kdb_db2/policy_db.h @@ -0,0 +1,87 @@ +/* + * Data Types for policy and principal information that + * exists in the respective databases. + * + * $Header$ + * + * This file was originally created with rpcgen. + * It has been hacked up since then. + */ + +#ifndef __ADB_H__ +#define __ADB_H__ +#include +#include "k5-int.h" +#include +#include +#include +#include +#include "adb_err.h" +#include + +typedef long osa_adb_ret_t; + +#define OSA_ADB_POLICY_DB_MAGIC 0x12345A00 + +#define OSA_ADB_POLICY_VERSION_MASK 0x12345D00 +#define OSA_ADB_POLICY_VERSION_1 0x12345D01 + + + +typedef struct _osa_adb_db_lock_ent_t { + FILE *lockfile; + char *filename; + int refcnt, lockmode, lockcnt; + krb5_context context; +} osa_adb_lock_ent, *osa_adb_lock_t; + +typedef struct _osa_adb_db_ent_t { + int magic; + DB *db; + HASHINFO info; + BTREEINFO btinfo; + char *filename; + osa_adb_lock_t lock; + int opencnt; +} osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t; + +/* + * Return Code (the rest are in adb_err.h) + */ + +#define OSA_ADB_OK 0 + +/* + * Functions + */ + +krb5_error_code osa_adb_create_db(char *filename, char *lockfile, int magic); +krb5_error_code osa_adb_destroy_db(char *filename, char *lockfile, int magic); +krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom, + char *fileto, char *lockto, int magic); +krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename, + char *lockfile, int magic); +krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic); +krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode); +krb5_error_code osa_adb_release_lock(osa_adb_db_t db); +krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype); +krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db); +krb5_error_code osa_adb_close_policy(osa_adb_policy_t db); +krb5_error_code osa_adb_create_policy(osa_adb_policy_t db, + osa_policy_ent_t entry); +krb5_error_code osa_adb_destroy_policy(osa_adb_policy_t db, + char * name); +krb5_error_code osa_adb_get_policy(osa_adb_policy_t db, + char * name, + osa_policy_ent_t *entry, + int *cnt); +krb5_error_code osa_adb_put_policy(osa_adb_policy_t db, + osa_policy_ent_t entry); +krb5_error_code osa_adb_iter_policy(osa_adb_policy_t db, + osa_adb_iter_policy_func func, + void * data); +void osa_free_policy_ent(osa_policy_ent_t val); + +bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp); + +#endif /* __ADB_H__ */ diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c new file mode 100644 index 000000000..07d1cef3b --- /dev/null +++ b/src/lib/kdb/kdb_default.c @@ -0,0 +1,329 @@ +/* + * lib/kdb/kdb_helper.c + * + * Copyright 1995 by the Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + */ + +#include "k5-int.h" +#include +#include +#include + + +/* + * Given a particular enctype and optional salttype and kvno, find the + * most appropriate krb5_key_data entry of the database entry. + * + * If stype or kvno is negative, it is ignored. + * If kvno is 0 get the key which is maxkvno for the princ and matches + * the other attributes. + */ +krb5_error_code +krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap) + krb5_context kcontext; + krb5_db_entry *dbentp; + krb5_int32 *start; + krb5_int32 ktype; + krb5_int32 stype; + krb5_int32 kvno; + krb5_key_data **kdatap; +{ + int i, idx; + int maxkvno; + krb5_key_data *datap; + krb5_error_code ret; + + ret = 0; + if (kvno == -1 && stype == -1 && ktype == -1) + kvno = 0; + + if (kvno == 0) { + /* Get the max key version */ + for (i = 0; i < dbentp->n_key_data; i++) { + if (kvno < dbentp->key_data[i].key_data_kvno) { + kvno = dbentp->key_data[i].key_data_kvno; + } + } + } + + maxkvno = -1; + datap = (krb5_key_data *) NULL; + for (i = *start; i < dbentp->n_key_data; i++) { + krb5_boolean similar; + krb5_int32 db_stype; + + ret = 0; + if (dbentp->key_data[i].key_data_ver > 1) { + db_stype = dbentp->key_data[i].key_data_type[1]; + } else { + db_stype = KRB5_KDB_SALTTYPE_NORMAL; + } + + /* + * Filter out non-permitted enctypes. + */ + if (!krb5_is_permitted_enctype(kcontext, + dbentp->key_data[i].key_data_type[0])) { + ret = KRB5_KDB_NO_PERMITTED_KEY; + continue; + } + + + if (ktype > 0) { + if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype, + dbentp->key_data[i].key_data_type[0], + &similar))) + + return(ret); + } + + if (((ktype <= 0) || similar) && + ((db_stype == stype) || (stype < 0))) { + if (kvno >= 0) { + if (kvno == dbentp->key_data[i].key_data_kvno) { + datap = &dbentp->key_data[i]; + idx = i; + maxkvno = kvno; + break; + } + } else { + if (dbentp->key_data[i].key_data_kvno > maxkvno) { + maxkvno = dbentp->key_data[i].key_data_kvno; + datap = &dbentp->key_data[i]; + idx = i; + } + } + } + } + if (maxkvno < 0) + return ret ? ret : KRB5_KDB_NO_MATCHING_KEY; + *kdatap = datap; + *start = idx+1; + return 0; +} + +/* + * kdb default functions. Ideally, some other file should have this functions. For now, TBD. + */ +#ifndef min +#define min(a,b) (((a) < (b)) ? (a) : (b)) +#endif + +krb5_error_code +krb5_def_store_mkey(context, keyfile, mname, key, master_pwd) + krb5_context context; + char *keyfile; + krb5_principal mname; + krb5_keyblock *key; + char *master_pwd; +{ + FILE *kf; + krb5_error_code retval = 0; + krb5_ui_2 enctype; + char defkeyfile[MAXPATHLEN+1]; + krb5_data *realm = krb5_princ_realm(context, mname); +#if HAVE_UMASK + mode_t oumask; +#endif + + if (!keyfile) { + (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB); + (void) strncat(defkeyfile, realm->data, + min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, + realm->length)); + defkeyfile[sizeof(defkeyfile) - 1] = '\0'; + keyfile = defkeyfile; + } + +#if HAVE_UMASK + oumask = umask(077); +#endif +#ifdef ANSI_STDIO + if (!(kf = fopen(keyfile, "wb"))) +#else + if (!(kf = fopen(keyfile, "w"))) +#endif + { +#if HAVE_UMASK + (void) umask(oumask); +#endif + return errno; + } + enctype = key->enctype; + if ((fwrite((krb5_pointer) &enctype, + 2, 1, kf) != 1) || + (fwrite((krb5_pointer) &key->length, + sizeof(key->length), 1, kf) != 1) || + (fwrite((krb5_pointer) key->contents, + sizeof(key->contents[0]), (unsigned) key->length, + kf) != key->length)) { + retval = errno; + (void) fclose(kf); + } + if (fclose(kf) == EOF) + retval = errno; +#if HAVE_UMASK + (void) umask(oumask); +#endif + return retval; +} + + +krb5_error_code +krb5_db_def_fetch_mkey( krb5_context context, + krb5_principal mname, + krb5_keyblock *key, + int *kvno, + char *db_args) +{ + krb5_error_code retval; + krb5_ui_2 enctype; + char defkeyfile[MAXPATHLEN+1]; + krb5_data *realm = krb5_princ_realm(context, mname); + FILE *kf = NULL; + + retval = 0; + key->magic = KV5M_KEYBLOCK; + (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB); + (void) strncat(defkeyfile, realm->data, + min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, + realm->length)); + defkeyfile[sizeof(defkeyfile) - 1] = '\0'; + +#ifdef ANSI_STDIO + if (!(kf = fopen((db_args) ? db_args : defkeyfile, "rb"))) +#else + if (!(kf = fopen((db_args) ? db_args : defkeyfile, "r"))) +#endif + return KRB5_KDB_CANTREAD_STORED; + + if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) { + retval = KRB5_KDB_CANTREAD_STORED; + goto errout; + } + + if (key->enctype == ENCTYPE_UNKNOWN) + key->enctype = enctype; + else if (enctype != key->enctype) { + retval = KRB5_KDB_BADSTORED_MKEY; + goto errout; + } + + if (fread((krb5_pointer) &key->length, + sizeof(key->length), 1, kf) != 1) { + retval = KRB5_KDB_CANTREAD_STORED; + goto errout; + } + + if (!key->length || ((int) key->length) < 0) { + retval = KRB5_KDB_BADSTORED_MKEY; + goto errout; + } + + if (!(key->contents = (krb5_octet *)malloc(key->length))) { + retval = ENOMEM; + goto errout; + } + + if (fread((krb5_pointer) key->contents, + sizeof(key->contents[0]), key->length, kf) + != key->length) { + retval = KRB5_KDB_CANTREAD_STORED; + memset(key->contents, 0, key->length); + free(key->contents); + key->contents = 0; + } else + retval = 0; + + *kvno = 0; + + errout: + (void) fclose(kf); + return retval; + +} + + +krb5_error_code +krb5_def_verify_master_key(context, mprinc, mkey) + krb5_context context; + krb5_principal mprinc; + krb5_keyblock *mkey; +{ + krb5_error_code retval; + krb5_db_entry master_entry; + int nprinc; + krb5_boolean more; + krb5_keyblock tempkey; + + nprinc = 1; + if ((retval = krb5_db_get_principal(context, mprinc, + &master_entry, &nprinc, &more))) + return(retval); + + if (nprinc != 1) { + if (nprinc) + krb5_db_free_principal(context, &master_entry, nprinc); + return(KRB5_KDB_NOMASTERKEY); + } else if (more) { + krb5_db_free_principal(context, &master_entry, nprinc); + return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); + } + + if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, + &master_entry.key_data[0], + &tempkey, NULL))) { + krb5_db_free_principal(context, &master_entry, nprinc); + return retval; + } + + if (mkey->length != tempkey.length || + memcmp((char *)mkey->contents, + (char *)tempkey.contents,mkey->length)) { + retval = KRB5_KDB_BADMASTERKEY; + } + + memset((char *)tempkey.contents, 0, tempkey.length); + krb5_xfree(tempkey.contents); + krb5_db_free_principal(context, &master_entry, nprinc); + + return retval; +} + + +krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, + char *pwd, + krb5_keyblock *key ) +{ + printf("default set master key\n"); + return 0; +} + +krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, + krb5_keyblock **key ) +{ + printf("default get master key\n"); + return 0; +} + diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c index 679ecad65..227a42e08 100644 --- a/src/lib/kdb/keytab.c +++ b/src/lib/kdb/keytab.c @@ -140,20 +140,19 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry) xrealm_tgt = is_xrealm_tgt(context, principal); - /* Open database */ - /* krb5_db_init(context); */ - if ((kerror = krb5_db_open_database(context))) + /* Check whether database is inited. Open is commented */ + if ((kerror = krb5_db_inited(context))) return(kerror); /* get_principal */ kerror = krb5_db_get_principal(context, principal, & db_entry, &n, &more); if (kerror) { - krb5_db_close_database(context); + /* krb5_db_close_database(context); */ return(kerror); } if (n != 1) { - krb5_db_close_database(context); + /* krb5_db_close_database(context); */ return KRB5_KT_NOTFOUND; } @@ -207,8 +206,8 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry) /* Close database */ error: - krb5_dbe_free_contents(context, &db_entry); - krb5_db_close_database(context); + krb5_db_free_principal(context, &db_entry, 1); + /* krb5_db_close_database(context); */ return(kerror); } diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index 47e1f0e7b..c9d53fb3d 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -97,6 +97,11 @@ kdb2_mpool_put kdb2_mpool_sync kdb2_nextkey kdb2_store +krb5_db_open +krb5_db_inited +krb5_db_clr_error +krb5_db_alloc +krb5_db_free krb5_db_close_database krb5_db_create krb5_db_delete_principal @@ -120,6 +125,7 @@ krb5_db_set_name krb5_db_setup_mkey_name krb5_db_store_mkey krb5_db_unlock +krb5_db_store_master_key krb5_db_verify_master_key krb5_dbe_apw krb5_dbe_ark @@ -150,3 +156,10 @@ krb5_ktkdb_set_context krb5_mkey_pwd_prompt1 krb5_mkey_pwd_prompt2 krb5_ser_db_context_init +krb5_db_create_policy +krb5_db_get_policy +krb5_db_put_policy +krb5_db_iter_policy +krb5_db_delete_policy +krb5_db_free_policy +krb5_db_vftabl_kdb_db2 diff --git a/src/lib/kdb/setup_mkey.c b/src/lib/kdb/setup_mkey.c deleted file mode 100644 index 61f1ef3e6..000000000 --- a/src/lib/kdb/setup_mkey.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * lib/kdb/setup_mkey.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_kdb_setup_mkey() - */ - -#include "k5-int.h" - -/* - * Given a key name and a realm name, construct a principal which can be used - * to fetch the master key from the database. - * - * If the key name is NULL, the default key name will be used. - */ - -#define REALM_SEP_STRING "@" - -krb5_error_code -krb5_db_setup_mkey_name(context, keyname, realm, fullname, principal) - krb5_context context; - const char *keyname; - const char *realm; - char **fullname; - krb5_principal *principal; -{ - krb5_error_code retval; - size_t keylen; - size_t rlen = strlen(realm); - char *fname; - - if (!keyname) - keyname = KRB5_KDB_M_NAME; /* XXX external? */ - - keylen = strlen(keyname); - - fname = malloc(keylen+rlen+strlen(REALM_SEP_STRING)+1); - if (!fname) - return ENOMEM; - - strcpy(fname, keyname); - strcat(fname, REALM_SEP_STRING); - strcat(fname, realm); - - if ((retval = krb5_parse_name(context, fname, principal))) - return retval; - if (fullname) - *fullname = fname; - else - free(fname); - return 0; -} diff --git a/src/lib/kdb/store_mkey.c b/src/lib/kdb/store_mkey.c deleted file mode 100644 index 587850e26..000000000 --- a/src/lib/kdb/store_mkey.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * lib/kdb/store_mkey.c - * - * Copyright 1990 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_db_store_mkey(): - * Store a database master key in a file. - */ - - -#include -#include "k5-int.h" - -/* Just in case sysincl.h didn't get it */ - -#ifndef MAXPATHLEN -#define MAXPATHLEN 1024 -#endif - -/* - * Put the KDC database master key into a file. If keyfile is NULL, - * then a default name derived from the principal name mname is used. - */ - -#ifndef min -#define min(a,b) (((a) < (b)) ? (a) : (b)) -#endif - -krb5_error_code -krb5_db_store_mkey(context, keyfile, mname, key) - krb5_context context; - char *keyfile; - krb5_principal mname; - krb5_keyblock *key; -{ - FILE *kf; - krb5_error_code retval = 0; - krb5_ui_2 enctype; - char defkeyfile[MAXPATHLEN+1]; - krb5_data *realm = krb5_princ_realm(context, mname); -#if HAVE_UMASK - mode_t oumask; -#endif - - if (!keyfile) { - (void) strcpy(defkeyfile, DEFAULT_KEYFILE_STUB); - (void) strncat(defkeyfile, realm->data, - min(sizeof(defkeyfile)-sizeof(DEFAULT_KEYFILE_STUB)-1, - realm->length)); - defkeyfile[sizeof(defkeyfile) - 1] = '\0'; - keyfile = defkeyfile; - } - -#if HAVE_UMASK - oumask = umask(077); -#endif -#ifdef ANSI_STDIO - if (!(kf = fopen(keyfile, "wb"))) -#else - if (!(kf = fopen(keyfile, "w"))) -#endif - { -#if HAVE_UMASK - (void) umask(oumask); -#endif - return errno; - } - enctype = key->enctype; - if ((fwrite((krb5_pointer) &enctype, - 2, 1, kf) != 1) || - (fwrite((krb5_pointer) &key->length, - sizeof(key->length), 1, kf) != 1) || - (fwrite((krb5_pointer) key->contents, - sizeof(key->contents[0]), (unsigned) key->length, - kf) != key->length)) { - retval = errno; - (void) fclose(kf); - } - if (fclose(kf) == EOF) - retval = errno; -#if HAVE_UMASK - (void) umask(oumask); -#endif - return retval; -} diff --git a/src/lib/kdb/t_kdb.c b/src/lib/kdb/t_kdb.c deleted file mode 100644 index 769d3e68b..000000000 --- a/src/lib/kdb/t_kdb.c +++ /dev/null @@ -1,1091 +0,0 @@ -/* - * lib/kdb/t_kdb.c - * - * Copyright 1995 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - */ - -/* - * t_kdb.c - Test [and optionally obtain timing information about] the - * Kerberos database functions. - */ - -#define KDB5_DISPATCH -#include "k5-int.h" -#include -#include -#include -#include "com_err.h" - -#if HAVE_SRAND48 -#define RAND() lrand48() -#define SRAND(a) srand48(a) -#define RAND_TYPE long -#elif HAVE_SRAND -#define RAND() rand() -#define SRAND(a) srand(a) -#define RAND_TYPE int -#elif HAVE_SRANDOM -#define RAND() random() -#define SRAND(a) srandom(a) -#define RAND_TYPE long -#else /* no random */ -need a random number generator -#endif /* no random */ - -#define T_KDB_N_PASSES 100 -#define T_KDB_DEF_DB "test_db" -#define MAX_PNAME_LEN 1024 -#define MAX_PRINC_COMPS 8 -#define MAX_COMP_SIZE 32 - -#define RANDOM(a,b) (a + (RAND() % (b-a))) - -enum dbtype { DB_UFO, DB_DEFAULT, DB_BERKELEY, DB_DBM }; - -char *programname = (char *) NULL; -krb5_data mprinc_data_entries[] = { - { 0, sizeof("master")-1, "master"}, - { 0, sizeof("key")-1, "key"} -}; - -krb5_principal_data master_princ_data = { - 0, /* Magic number */ - { 0, sizeof("test.realm")-1, "test.realm"}, /* Realm */ - mprinc_data_entries, /* Name/instance */ - sizeof(mprinc_data_entries)/ - sizeof(mprinc_data_entries[0]), /* Number */ - KRB5_NT_SRV_INST /* Type */ -}; - -struct timeval tstart_time, tend_time; -struct timezone dontcare; -krb5_principal *recorded_principals = (krb5_principal *) NULL; -char **recorded_names = (char **) NULL; - -#ifdef BERK_DB_DBM -extern DBM *db_dbm_open (char *, int, int); -extern void db_dbm_close (DBM *); -extern datum db_dbm_fetch (DBM *, datum); -extern datum db_dbm_firstkey (DBM *); -extern datum db_dbm_nextkey (DBM *); -extern int db_dbm_delete (DBM *, datum); -extern int db_dbm_store (DBM *, datum, datum, int); -extern int db_dbm_error (DBM *); -extern int db_dbm_clearerr (DBM *); -extern int db_dbm_dirfno (DBM *); - -static kdb5_dispatch_table berkeley_dispatch = { - "Berkeley Hashed Database", - ".db", /* Index file name ext */ - (char *) NULL, /* Data file name ext */ - ".ok", /* Lock file name ext */ - db_dbm_open, /* Open Database */ - db_dbm_close, /* Close Database */ - db_dbm_fetch, /* Fetch Key */ - db_dbm_firstkey, /* Fetch First Key */ - db_dbm_nextkey, /* Fetch Next Key */ - db_dbm_delete, /* Delete Key */ - db_dbm_store, /* Store Key */ - db_dbm_error, /* Get Database Error */ - db_dbm_clearerr, /* Clear Database Error */ - db_dbm_dirfno, /* Get Database FD num */ - (int (*)()) NULL /* Get Database FD num */ -}; -#endif - -#if defined(NDBM) || defined(ODBM) -/* - * The following prototypes are necessary in case dbm_error and - * dbm_clearerr are in the library but not prototyped - * (e.g. NetBSD-1.0) - */ -#ifdef MISSING_ERROR_PROTO -int dbm_error (DBM *); -#endif -#ifdef MISSING_CLEARERR_PROTO -int dbm_clearerr (DBM *); -#endif - -static kdb5_dispatch_table dbm_dispatch = { - "Stock [N]DBM Database", - ".dir", /* Index file name ext */ - ".pag", /* Data file name ext */ - ".ok", /* Lock file name ext */ - dbm_open, /* Open Database */ - dbm_close, /* Close Database */ - dbm_fetch, /* Fetch Key */ - dbm_firstkey, /* Fetch First Key */ - dbm_nextkey, /* Fetch Next Key */ - dbm_delete, /* Delete Key */ - dbm_store, /* Store Key */ - /* - * The following are #ifdef'd because they have the potential to be - * macros rather than functions. - */ -#ifdef dbm_error - (int (*)()) NULL, /* Get Database Error */ -#else /* dbm_error */ -#ifdef HAVE_DBM_ERROR - dbm_error, /* Get Database Error */ -#else - (int (*)()) NULL, /* Get Database Error */ -#endif -#endif /* dbm_error */ -#ifdef dbm_clearerr - (int (*)()) NULL, /* Clear Database Error */ -#else /* dbm_clearerr */ -#ifdef HAVE_DBM_CLEARERR - dbm_clearerr, /* Clear Database Error */ -#else - (int (*)()) NULL, /* Clear Database Error */ -#endif -#endif /* dbm_clearerr */ -#ifdef dbm_dirfno - (int (*)()) NULL, /* Get Database FD num */ -#else /* dbm_dirfno */ - dbm_dirfno, /* Get Database FD num */ -#endif /* dbm_dirfno */ -#ifdef dbm_pagfno - (int (*)()) NULL, /* Get Database FD num */ -#else /* dbm_pagfno */ - dbm_pagfno, /* Get Database FD num */ -#endif /* dbm_pagfno */ -}; -#endif /* NDBM || ODBM */ - - -/* - * Timer macros. - */ -#define swatch_on() ((void) gettimeofday(&tstart_time, &dontcare)) -#define swatch_eltime() ((gettimeofday(&tend_time, &dontcare)) ? -1.0 : \ - (((float) (tend_time.tv_sec - \ - tstart_time.tv_sec)) + \ - (((float) (tend_time.tv_usec - \ - tstart_time.tv_usec))/1000000.0))) - -/* - * Free all principals and names in the recorded names list. - */ -static void -free_principals(kcontext, nentries) - krb5_context kcontext; - int nentries; -{ - int i; - if (recorded_principals) { - for (i=0; ienctype, &lkey); - if (kret) - goto out; - rkey = &lkey; - } else - rkey = key; - - if ((kret = krb5_dbe_create_key_data(kcontext, &dbent))) - goto out; - if ((kret = krb5_dbekd_encrypt_key_data(kcontext, mkey, rkey, NULL, 1, - &dbent.key_data[0]))) - goto out; - - if (!key) - krb5_free_keyblock_contents(kcontext, rkey); - - kret = krb5_db_put_principal(kcontext, &dbent, &nentries); - if ((!kret) && (nentries != 1)) - kret = KRB5_KDB_UK_SERROR; - out: - krb5_dbe_free_contents(kcontext, &dbent); - return(kret); -} - -/* - * Generate a principal name. - */ -static krb5_error_code -gen_principal(kcontext, realm, do_rand, n, princp, namep) - krb5_context kcontext; - char *realm; - int do_rand; - int n; - krb5_principal *princp; - char **namep; -{ - static char pnamebuf[MAX_PNAME_LEN]; - static char *instnames[] = { - "instance1", "xxx2", "whereami3", "ABCDEFG4", "foofoo5" }; - static char *princnames[] = { - "princ1", "user2", "service3" }; - - krb5_error_code kret; - char *instname; - char *princbase; - int ncomps; - int i, complen, j; - char *cp; - - if (do_rand) { - ncomps = RANDOM(1,MAX_PRINC_COMPS); - cp = pnamebuf; - for (i=0; i= pnamebuf + sizeof(pnamebuf)) - break; - } - if(cp + strlen(realm) >= pnamebuf + sizeof(pnamebuf)) - break; - *cp = '/'; - cp++; - } - if(cp + strlen(realm) < pnamebuf + sizeof(pnamebuf)) { - cp[-1] = '@'; - strcpy(cp, realm); - } else { - strcpy(cp , ""); - } - } - else { - instname = instnames[n % (sizeof(instnames)/sizeof(instnames[0]))]; - princbase = princnames[n % (sizeof(princnames)/sizeof(princnames[0]))]; - sprintf(pnamebuf, "%s%d/%s@%s", princbase, n, instname, realm); - } - kret = krb5_parse_name(kcontext, pnamebuf, princp); - *namep = (!kret) ? pnamebuf : (char *) NULL; - return(kret); -} - -/* - * Find a principal in the database. - */ -static krb5_error_code -find_principal(kcontext, principal, docompare) - krb5_context kcontext; - krb5_principal principal; - krb5_boolean docompare; -{ - krb5_error_code kret; - krb5_db_entry dbent; - krb5_principal mod_princ; - krb5_timestamp mod_time; - int how_many; - krb5_boolean more; - - more = 0; - how_many = 1; - if ((kret = krb5_db_get_principal(kcontext, principal, &dbent, - &how_many, &more))) - return(kret); - if (how_many == 0) - return(KRB5_KDB_NOENTRY); - - if ((kret = krb5_dbe_lookup_mod_princ_data(kcontext, &dbent, - &mod_time, &mod_princ))) - - return(kret); - - if (docompare) { - if ((dbent.max_life != KRB5_KDB_MAX_LIFE) || - (dbent.max_renewable_life != KRB5_KDB_MAX_RLIFE) || - (dbent.expiration != KRB5_KDB_EXPIRATION) || - (dbent.attributes != KRB5_KDB_DEF_FLAGS) || - !krb5_principal_compare(kcontext, principal, dbent.princ) || - !krb5_principal_compare(kcontext, principal, mod_princ)) - kret = KRB5_PRINC_NOMATCH; - } - - krb5_db_free_principal(kcontext, &dbent, how_many); - krb5_free_principal(kcontext, mod_princ); - if (!kret) - return(((how_many == 1) && (more == 0)) ? 0 : KRB5KRB_ERR_GENERIC); - else - return(kret); - -} - -/* - * Delete a principal. - */ -static krb5_error_code -delete_principal(kcontext, principal) - krb5_context kcontext; - krb5_principal principal; -{ - krb5_error_code kret; - int num2delete; - - num2delete = 1; - if ((kret = krb5_db_delete_principal(kcontext, principal, &num2delete))) - return(kret); - return((num2delete == 1) ? 0 : KRB5KRB_ERR_GENERIC); -} - -static int -do_testing(db, passes, verbose, timing, rcases, check, save_db, dontclean, - ptest, hash) - char *db; - int passes; - int verbose; - int timing; - int rcases; - int check; - int save_db; - int dontclean; - int ptest; - int hash; -{ - krb5_error_code kret; - krb5_context kcontext; - char *op, *linkage, *oparg; - krb5_principal master_princ; - int master_princ_set = 0; - char *mkey_name; - char *realm; - char *mkey_fullname; - char *master_passwd; - krb5_data salt_data; - krb5_encrypt_block master_encblock; - krb5_keyblock master_keyblock; - krb5_data passwd; - krb5_pointer rseed; - krb5_boolean db_open, db_created; - int passno; - krb5_principal principal; - char *pname; - float elapsed; - krb5_keyblock stat_kb; - krb5_int32 crflags; - - mkey_name = "master/key"; - realm = master_princ_data.realm.data; - mkey_fullname = (char *) NULL; - master_princ = (krb5_principal) NULL; - master_passwd = "master_password"; - db_open = 0; - db_created = 0; - linkage = ""; - oparg = ""; - crflags = hash ? KRB5_KDB_CREATE_HASH : KRB5_KDB_CREATE_BTREE; - - memset(&master_keyblock, 0, sizeof(master_keyblock)); - - /* Set up some initial context */ - op = "initializing krb5"; - kret = krb5_init_context(&kcontext); - if (kret) - goto goodbye; - - /* - * The database had better not exist. - */ - op = "making sure database doesn't exist"; - if (!(kret = krb5_db_set_name(kcontext, db))) { - kret = EEXIST; - goto goodbye; - } - - /* Set up the master key name */ - op = "setting up master key name"; - if ((kret = krb5_db_setup_mkey_name(kcontext, mkey_name, realm, - &mkey_fullname, &master_princ))) - goto goodbye; - - master_princ_set = 1; - if (verbose) - fprintf(stdout, "%s: Initializing '%s', master key is '%s'\n", - programname, db, mkey_fullname); - - free(mkey_fullname); - mkey_fullname = 0; - - op = "salting master key"; - if ((kret = krb5_principal2salt(kcontext, master_princ, &salt_data))) - goto goodbye; - - op = "converting master key"; - krb5_use_enctype(kcontext, &master_encblock, DEFAULT_KDC_ENCTYPE); - master_keyblock.enctype = DEFAULT_KDC_ENCTYPE; - passwd.length = strlen(master_passwd); - passwd.data = master_passwd; - if ((kret = krb5_string_to_key(kcontext, &master_encblock, - &master_keyblock, &passwd, &salt_data))) - goto goodbye; - /* Clean up */ - free(salt_data.data); - - /* Process master key */ - op = "processing master key"; - if ((kret = krb5_process_key(kcontext, &master_encblock, - &master_keyblock))) - goto goodbye; - - /* Initialize random key generator */ - op = "initializing random key generator"; - if ((kret = krb5_init_random_key(kcontext, - &master_encblock, - &master_keyblock, - &rseed))) - goto goodbye; - - /* Create database */ - op = "creating database"; - if ((kret = krb5_db_create(kcontext, db, crflags))) - goto goodbye; - - db_created = 1; - - /* Set this database as active. */ - op = "setting active database"; - if ((kret = krb5_db_set_name(kcontext, db))) - goto goodbye; - - /* Initialize database */ - op = "initializing database"; - if ((kret = krb5_db_init(kcontext))) - goto goodbye; - - db_open = 1; - op = "adding master principal"; - if ((kret = add_principal(kcontext, - master_princ, - &master_keyblock, - &master_keyblock))) - goto goodbye; - - - stat_kb.enctype = DEFAULT_KDC_ENCTYPE; - stat_kb.length = 8; - stat_kb.contents = (krb5_octet *) "helpmeee"; - - /* We are now ready to proceed to test. */ - if (verbose) - fprintf(stdout, "%s: Beginning %stest\n", - programname, (rcases) ? "random " : ""); - init_princ_recording(kcontext, passes); - if (rcases) { - struct tacc { - float t_time; - int t_number; - } accumulated[3]; - int i, nvalid, discrim, highwater, coinflip; - krb5_keyblock *kbp; - - /* Generate random cases */ - for (i=0; i<3; i++) { - accumulated[i].t_time = 0.0; - accumulated[i].t_number = 0; - } - - /* - * Generate principal names. - */ - if (verbose > 1) - fprintf(stdout, "%s: generating %d names\n", - programname, passes); - for (passno=0; passno passes) - nvalid = passes; - - if (verbose > 1) - fprintf(stdout, "%s: priming database with %d principals\n", - programname, nvalid); - highwater = 0; - for (passno=0; passno 4) - fprintf(stderr, "*A(%s)\n", playback_name(passno)); - highwater++; - } - - if (verbose > 1) - fprintf(stderr, "%s: beginning random loop\n", programname); - /* Loop through some number of times and pick random operations */ - for (i=0; i<3*passes; i++) { - discrim = RANDOM(0,100); - - /* Add a principal 25% of the time, if possible */ - if ((discrim < 25) && (nvalid < passes)) { - op = "adding principal"; - coinflip = RANDOM(0,2); - kbp = (coinflip) ? &stat_kb : (krb5_keyblock *) NULL; - if (timing) { - swatch_on(); - } - if ((kret = add_principal(kcontext, - playback_principal(nvalid), - &master_keyblock, kbp))) { - oparg = playback_name(nvalid); - goto cya; - } - if (timing) { - elapsed = swatch_eltime(); - accumulated[0].t_time += elapsed; - accumulated[0].t_number++; - } - if (verbose > 4) - fprintf(stderr, "*A(%s)\n", playback_name(nvalid)); - nvalid++; - if (nvalid > highwater) - highwater = nvalid; - } - /* Delete a principal 15% of the time, if possible */ - else if ((discrim > 85) && (nvalid > 10)) { - op = "deleting principal"; - if (timing) { - swatch_on(); - } - if ((kret = delete_principal(kcontext, - playback_principal(nvalid-1)))) { - oparg = playback_name(nvalid-1); - goto cya; - } - if (timing) { - elapsed = swatch_eltime(); - accumulated[2].t_time += elapsed; - accumulated[2].t_number++; - } - if (verbose > 4) - fprintf(stderr, "XD(%s)\n", playback_name(nvalid-1)); - nvalid--; - } - /* Otherwise, find a principal */ - else { - op = "looking up principal"; - passno = RANDOM(0, nvalid); - if (timing) { - swatch_on(); - } - if ((kret = find_principal(kcontext, - playback_principal(passno), - check))) { - oparg = playback_name(passno); - goto cya; - } - if (timing) { - elapsed = swatch_eltime(); - accumulated[1].t_time += elapsed; - accumulated[1].t_number++; - } - if (verbose > 4) - fprintf(stderr, "-S(%s)\n", playback_name(passno)); - } - } - - if (!dontclean) { - /* Clean up the remaining principals */ - if (verbose > 1) - fprintf(stdout, "%s: deleting remaining %d principals\n", - programname, nvalid); - for (passno=0; passno 4) - fprintf(stderr, "XD(%s)\n", playback_name(passno)); - } - } - cya: - if (verbose) - fprintf(stdout, - "%s: highwater mark was %d principals\n", - programname, highwater); - if (accumulated[0].t_number && timing) - fprintf(stdout, - "%s: performed %8d additions in %9.4f seconds (%9.4f/add)\n", - programname, accumulated[0].t_number, - accumulated[0].t_time, - accumulated[0].t_time / (float) accumulated[0].t_number); - if (accumulated[1].t_number && timing) - fprintf(stdout, - "%s: performed %8d lookups in %9.4f seconds (%9.4f/search)\n", - programname, accumulated[1].t_number, - accumulated[1].t_time, - accumulated[1].t_time / (float) accumulated[1].t_number); - if (accumulated[2].t_number && timing) - fprintf(stdout, - "%s: performed %8d deletions in %9.4f seconds (%9.4f/delete)\n", - programname, accumulated[2].t_number, - accumulated[2].t_time, - accumulated[2].t_time / (float) accumulated[2].t_number); - if (kret) - goto goodbye; - } - else { - /* - * Generate principal names. - */ - for (passno=0; passno 4) - fprintf(stderr, "*A(%s)\n", playback_name(passno)); - } - if (timing) { - elapsed = swatch_eltime(); - fprintf(stdout, - "%s: added %d principals in %9.4f seconds (%9.4f/add)\n", - programname, passes, elapsed, elapsed/((float) passes)); - } - - /* - * Lookup principals. - */ - if (timing) { - swatch_on(); - } - for (passno=0; passno 4) - fprintf(stderr, "-S(%s)\n", playback_name(passno)); - } - if (timing) { - elapsed = swatch_eltime(); - fprintf(stdout, - "%s: found %d principals in %9.4f seconds (%9.4f/search)\n", - programname, passes, elapsed, elapsed/((float) passes)); - } - - /* - * Delete principals. - */ - if (!dontclean) { - if (timing) { - swatch_on(); - } - for (passno=passes-1; passno>=0; passno--) { - op = "deleting principal"; - if ((kret = delete_principal(kcontext, - playback_principal(passno)))) - goto goodbye; - if (verbose > 4) - fprintf(stderr, "XD(%s)\n", playback_name(passno)); - } - if (timing) { - elapsed = swatch_eltime(); - fprintf(stdout, - "%s: deleted %d principals in %9.4f seconds (%9.4f/delete)\n", - programname, passes, elapsed, - elapsed/((float) passes)); - } - } - - } - - goodbye: - if(master_princ_set) { - krb5_free_principal(kcontext, master_princ); - } - if (kret) - fprintf(stderr, "%s: error while %s %s%s(%s)\n", - programname, op, linkage, oparg, error_message(kret)); - - if (!kret && ptest) { - int nper; - pid_t children[32], child; - int nprocs, existat, i, j, fd; - - nprocs = ptest + 1; - if (nprocs > 32) - nprocs = 32; - - nper = passes / nprocs; - unlink("./test.lock"); - for (i=0; i 4) - fprintf(stderr, "*A[%ld](%s)\n", (long) getpid(), - playback_name(base+j)); - } - for (j=0; (j 4) - fprintf(stderr, "-S[%ld](%s)\n", (long) getpid(), - playback_name(base+j)); - } - for (j=0; (j 4) - fprintf(stderr, "XD[%ld](%s)\n", (long) getpid(), - playback_name(base+j)); - } - krb5_db_fini(ccontext); - krb5_free_context(ccontext); - exit((kret) ? 1 : 0); - } - else - children[i] = child; - } - fd = open("./test.lock", O_CREAT|O_RDWR|O_EXCL, 0666); - close(fd); - sleep(1); - unlink("./test.lock"); - for (i=0; i] - Use as the number of passes. - * [-c] - Check contents. - * [-v] - Verbose output. - * [-d ] - Database name. - * [-s] - Save database even on successful completion. - * [-D] - Leave database dirty. - */ -int -main(argc, argv) - int argc; - char *argv[]; -{ - int option; - extern char *optarg; - - int do_time, do_random, num_passes, check_cont, verbose, error; - int save_db, dont_clean, do_ptest, hash; - char *db_name; - - programname = argv[0]; - if (strrchr(programname, (int) '/')) - programname = strrchr(programname, (int) '/') + 1; - SRAND((RAND_TYPE)time((void *) NULL)); - - /* Default values. */ - do_time = 0; - do_random = 0; - num_passes = T_KDB_N_PASSES; - check_cont = 0; - verbose = 0; - db_name = T_KDB_DEF_DB; - save_db = 0; - dont_clean = 0; - error = 0; - do_ptest = 0; - hash = 0; - - /* Parse argument list */ - while ((option = getopt(argc, argv, "cd:n:prstvDh")) != -1) { - switch (option) { - case 'c': - check_cont = 1; - break; - case 'd': - db_name = optarg; - break; - case 'n': - if (sscanf(optarg, "%d", &num_passes) != 1) { - fprintf(stderr, "%s: %s is not a valid number for %c option\n", - programname, optarg, option); - error++; - } - break; - case 'p': - do_ptest++; - break; - case 'r': - do_random = 1; - break; - case 's': - save_db = 1; - break; - case 't': - do_time = 1; - break; - case 'v': - verbose++; - break; - case 'D': - dont_clean = 1; - break; - case 'h': - hash = 1; - break; - default: - error++; - break; - } - } - if (error) - fprintf(stderr, "%s: usage is %s [-cprstv] [-d ] [-n ]\n", - programname, programname); - else - error = do_testing(db_name, - num_passes, - verbose, - do_time, - do_random, - check_cont, - save_db, - dont_clean, - do_ptest, - hash); - return(error); -} - - diff --git a/src/lib/kdb/t_krb5.conf b/src/lib/kdb/t_krb5.conf deleted file mode 100644 index 5882d9770..000000000 --- a/src/lib/kdb/t_krb5.conf +++ /dev/null @@ -1,29 +0,0 @@ -[libdefaults] - ticket_lifetime = 600 - default_realm = ATHENA.MIT.EDU - -[realms] - ATHENA.MIT.EDU = { - kdc = KERBEROS-2.MIT.EDU:88 - kdc = KERBEROS.MIT.EDU - kdc = KERBEROS-1.MIT.EDU - admin_server = KERBEROS.MIT.EDU - default_domain = MIT.EDU - v4_instance_convert = { - mit = mit.edu - lithium = lithium.lcs.mit.edu - } - } - CYGNUS.COM = { - kdc = KERBEROS-1.CYGNUS.COM - kdc = KERBEROS.CYGNUS.COM - admin_server = KERBEROS.MIT.EDU - } - -[domain_realm] - .mit.edu = ATHENA.MIT.EDU - mit.edu = ATHENA.MIT.EDU - .media.mit.edu = MEDIA-LAB.MIT.EDU - media.mit.edu = MEDIA-LAB.MIT.EDU - .ucsc.edu = CATS.UCSC.EDU - diff --git a/src/lib/kdb/verify_mky.c b/src/lib/kdb/verify_mky.c deleted file mode 100644 index 452dc45ba..000000000 --- a/src/lib/kdb/verify_mky.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * lib/kdb/verify_mky.c - * - * Copyright 1990,1991 by the Massachusetts Institute of Technology. - * All Rights Reserved. - * - * Export of this software from the United States of America may - * require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. Furthermore if you modify this software you must label - * your software as modified software and not distribute it in such a - * fashion that it might be confused with the original M.I.T. software. - * M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - * - * - * krb5_db_verify_master_key(); - */ - -#include "k5-int.h" - -/* - * Verify that the master key in *mkey matches the database entry - * for mprinc. - */ - -krb5_error_code -krb5_db_verify_master_key(context, mprinc, mkey) - krb5_context context; - krb5_principal mprinc; - krb5_keyblock *mkey; -{ - krb5_error_code retval; - krb5_db_entry master_entry; - int nprinc; - krb5_boolean more; - krb5_keyblock tempkey; - - nprinc = 1; - if ((retval = krb5_db_get_principal(context, mprinc, - &master_entry, &nprinc, &more))) - return(retval); - - if (nprinc != 1) { - if (nprinc) - krb5_db_free_principal(context, &master_entry, nprinc); - return(KRB5_KDB_NOMASTERKEY); - } else if (more) { - krb5_db_free_principal(context, &master_entry, nprinc); - return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE); - } - - if ((retval = krb5_dbekd_decrypt_key_data(context, mkey, - &master_entry.key_data[0], - &tempkey, NULL))) { - krb5_db_free_principal(context, &master_entry, nprinc); - return retval; - } - - if (mkey->length != tempkey.length || - memcmp((char *)mkey->contents, - (char *)tempkey.contents,mkey->length)) { - retval = KRB5_KDB_BADMASTERKEY; - } - - memset((char *)tempkey.contents, 0, tempkey.length); - krb5_xfree(tempkey.contents); - krb5_db_free_principal(context, &master_entry, nprinc); - - return retval; -} diff --git a/src/lib/krb5.saber.source b/src/lib/krb5.saber.source deleted file mode 100644 index a4c374a33..000000000 --- a/src/lib/krb5.saber.source +++ /dev/null @@ -1,18 +0,0 @@ -setopt load_flags -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES -load /mit/krb5/src/lib/cryptoconf.c /mit/krb5/src/lib/syslog.c /mit/krb5/src/lib/strdup.c - -load /mit/krb5/src/lib/krb/addr_comp.c /mit/krb5/src/lib/krb/addr_order.c /mit/krb5/src/lib/krb/addr_srch.c /u2/krb5/lib/krb/bld_pr_ext.o /u2/krb5/lib/krb/bld_princ.o /mit/krb5/src/lib/krb/conv_princ.c /mit/krb5/src/lib/krb/copy_addrs.c /mit/krb5/src/lib/krb/copy_auth.c /mit/krb5/src/lib/krb/copy_athctr.c /mit/krb5/src/lib/krb/copy_checksum.c /mit/krb5/src/lib/krb/copy_creds.c /mit/krb5/src/lib/krb/copy_data.c /mit/krb5/src/lib/krb/copy_key.c /mit/krb5/src/lib/krb/copy_princ.c /mit/krb5/src/lib/krb/copy_tick.c /mit/krb5/src/lib/krb/cp_key_cnt.c /mit/krb5/src/lib/krb/decode_kdc.c /mit/krb5/src/lib/krb/decrypt_tk.c /mit/krb5/src/lib/krb/encode_kdc.c /mit/krb5/src/lib/krb/encrypt_tk.c /mit/krb5/src/lib/krb/free_rtree.c /mit/krb5/src/lib/krb/faddr_ordr.c /mit/krb5/src/lib/krb/gc_frm_kdc.c /mit/krb5/src/lib/krb/gc_via_tgt.c /mit/krb5/src/lib/krb/gc_2tgt.c /mit/krb5/src/lib/krb/gen_seqnum.c /mit/krb5/src/lib/krb/gen_subkey.c /mit/krb5/src/lib/krb/get_creds.c /mit/krb5/src/lib/krb/get_in_tkt.c /mit/krb5/src/lib/krb/in_tkt_pwd.c /mit/krb5/src/lib/krb/in_tkt_sky.c /mit/krb5/src/lib/krb/kdc_rep_dc.c /mit/krb5/src/lib/krb/krbconfig.c /mit/krb5/src/lib/krb/mk_error.c /mit/krb5/src/lib/krb/mk_priv.c /mit/krb5/src/lib/krb/mk_rep.c /mit/krb5/src/lib/krb/mk_req.c /mit/krb5/src/lib/krb/mk_req_ext.c /mit/krb5/src/lib/krb/mk_safe.c /mit/krb5/src/lib/krb/parse.c /mit/krb5/src/lib/krb/pr_to_salt.c /mit/krb5/src/lib/krb/princ_comp.c /mit/krb5/src/lib/krb/rd_error.c /mit/krb5/src/lib/krb/rd_priv.c /mit/krb5/src/lib/krb/rd_rep.c /mit/krb5/src/lib/krb/rd_req.c /mit/krb5/src/lib/krb/rd_req_sim.c /mit/krb5/src/lib/krb/rd_req_dec.c /mit/krb5/src/lib/krb/rd_safe.c /mit/krb5/src/lib/krb/recvauth.c /mit/krb5/src/lib/krb/sendauth.c /mit/krb5/src/lib/krb/send_tgs.c /mit/krb5/src/lib/krb/srv_rcache.c /mit/krb5/src/lib/krb/tgtname.c /mit/krb5/src/lib/krb/unparse.c /mit/krb5/src/lib/krb/walk_rtree.c - -load -DPEPSY_LINKABLE_FUNCS -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES /u2/krb5/src/lib/asn.1/KRB5_tables.c /mit/krb5/src/lib/asn.1/encode.c /mit/krb5/src/lib/asn.1/decode.c /mit/krb5/src/lib/asn.1/adat2kadat.c /mit/krb5/src/lib/asn.1/addr2kaddr.c /mit/krb5/src/lib/asn.1/adr2kadr.c /mit/krb5/src/lib/asn.1/aprp2kaprp.c /mit/krb5/src/lib/asn.1/aprq2kaprq.c /mit/krb5/src/lib/asn.1/arep2karep.c /mit/krb5/src/lib/asn.1/auth2kauth.c /mit/krb5/src/lib/asn.1/cvt_flags.c /mit/krb5/src/lib/asn.1/ck2kck.c /mit/krb5/src/lib/asn.1/edat2kedat.c /mit/krb5/src/lib/asn.1/ekrp2kekrp.c /mit/krb5/src/lib/asn.1/enck2kkey.c /mit/krb5/src/lib/asn.1/err2kerr.c /mit/krb5/src/lib/asn.1/etpt2ketpt.c /mit/krb5/src/lib/asn.1/g2unix.c /mit/krb5/src/lib/asn.1/kadat2adat.c /mit/krb5/src/lib/asn.1/kaddr2addr.c /mit/krb5/src/lib/asn.1/kadr2adr.c /mit/krb5/src/lib/asn.1/kaprp2aprp.c /mit/krb5/src/lib/asn.1/kaprq2aprq.c /mit/krb5/src/lib/asn.1/karep2arep.c /mit/krb5/src/lib/asn.1/kauth2auth.c /mit/krb5/src/lib/asn.1/kck2ck.c /mit/krb5/src/lib/asn.1/kdcr2kkdcr.c /mit/krb5/src/lib/asn.1/kdcr2ktgsr.c /mit/krb5/src/lib/asn.1/kedat2edat.c /mit/krb5/src/lib/asn.1/kekrp2ekrp.c /mit/krb5/src/lib/asn.1/kerr2err.c /mit/krb5/src/lib/asn.1/ketpt2etpt.c /mit/krb5/src/lib/asn.1/kkdcr2kdcr.c /mit/krb5/src/lib/asn.1/kkey2enck.c /mit/krb5/src/lib/asn.1/klsrq2lsrq.c /mit/krb5/src/lib/asn.1/kprep2prep.c /mit/krb5/src/lib/asn.1/kprin2prin.c /mit/krb5/src/lib/asn.1/kpriv2priv.c /mit/krb5/src/lib/asn.1/ksafe2safe.c /mit/krb5/src/lib/asn.1/ktran2tran.c /mit/krb5/src/lib/asn.1/ktgrq2tgrq.c /mit/krb5/src/lib/asn.1/ktgsr2kdcr.c /mit/krb5/src/lib/asn.1/ktkt2tkt.c /mit/krb5/src/lib/asn.1/lsrq2klsrq.c /mit/krb5/src/lib/asn.1/prep2kprep.c /mit/krb5/src/lib/asn.1/prin2kprin.c /mit/krb5/src/lib/asn.1/priv2kpriv.c /mit/krb5/src/lib/asn.1/qbuf2data.c /mit/krb5/src/lib/asn.1/safe2ksafe.c /mit/krb5/src/lib/asn.1/tran2ktran.c /mit/krb5/src/lib/asn.1/tgrq2ktgrq.c /mit/krb5/src/lib/asn.1/tkt2ktkt.c /mit/krb5/src/lib/asn.1/u2gen.c /mit/krb5/src/lib/asn.1/kasrp2kdcr.c /mit/krb5/src/lib/asn.1/kpwd2pwd.c /mit/krb5/src/lib/asn.1/kpwds2pwds.c /mit/krb5/src/lib/asn.1/pwd2kpwd.c /mit/krb5/src/lib/asn.1/pwds2kpwds.c - -load /mit/krb5/src/lib/free/f_addr.c /mit/krb5/src/lib/free/f_address.c /mit/krb5/src/lib/free/f_arep_enc.c /mit/krb5/src/lib/free/f_ap_rep.c /mit/krb5/src/lib/free/f_ap_req.c /mit/krb5/src/lib/free/f_authdata.c /mit/krb5/src/lib/free/f_authent.c /mit/krb5/src/lib/free/f_cksum.c /mit/krb5/src/lib/free/f_creds.c /mit/krb5/src/lib/free/f_cred_cnt.c /mit/krb5/src/lib/free/f_enc_kdc.c /mit/krb5/src/lib/free/f_enc_tkt.c /mit/krb5/src/lib/free/f_error.c /mit/krb5/src/lib/free/f_kdc_rep.c /mit/krb5/src/lib/free/f_kdc_req.c /mit/krb5/src/lib/free/f_keyblock.c /mit/krb5/src/lib/free/f_last_req.c /mit/krb5/src/lib/free/f_padata.c /mit/krb5/src/lib/free/f_princ.c /mit/krb5/src/lib/free/f_priv.c /mit/krb5/src/lib/free/f_priv_enc.c /mit/krb5/src/lib/free/f_safe.c /mit/krb5/src/lib/free/f_ticket.c /mit/krb5/src/lib/free/f_tickets.c /mit/krb5/src/lib/free/f_tgt_cred.c /mit/krb5/src/lib/free/f_tkt_auth.c - -load /mit/krb5/src/lib/keytab/ktadd.c /mit/krb5/src/lib/keytab/ktbase.c /mit/krb5/src/lib/keytab/ktdefault.c /mit/krb5/src/lib/keytab/ktfr_entry.c /mit/krb5/src/lib/keytab/ktremove.c /mit/krb5/src/lib/keytab/read_servi.c - -load /mit/krb5/src/lib/keytab/file/ktf_add.c /mit/krb5/src/lib/keytab/file/ktf_endget.c /mit/krb5/src/lib/keytab/file/ktf_next.c /mit/krb5/src/lib/keytab/file/ktf_resolv.c /mit/krb5/src/lib/keytab/file/ktf_wops.c /mit/krb5/src/lib/keytab/file/ktf_close.c /mit/krb5/src/lib/keytab/file/ktf_get_en.c /mit/krb5/src/lib/keytab/file/ktf_ops.c /mit/krb5/src/lib/keytab/file/ktf_ssget.c /mit/krb5/src/lib/keytab/file/ktf_wreslv.c /mit/krb5/src/lib/keytab/file/ktf_defops.c /mit/krb5/src/lib/keytab/file/ktf_get_na.c /mit/krb5/src/lib/keytab/file/ktf_remove.c /mit/krb5/src/lib/keytab/file/ktf_util.c - -load /mit/krb5/src/lib/ccache/ccbase.c /mit/krb5/src/lib/ccache/ccdefault.c /mit/krb5/src/lib/ccache/ccdefops.c - -load /mit/krb5/src/lib/ccache/file/fcc_close.c /mit/krb5/src/lib/ccache/file/fcc_destry.c /mit/krb5/src/lib/ccache/file/fcc_eseq.c /mit/krb5/src/lib/ccache/file/fcc_gennew.c /mit/krb5/src/lib/ccache/file/fcc_getnam.c /mit/krb5/src/lib/ccache/file/fcc_gprin.c /mit/krb5/src/lib/ccache/file/fcc_init.c /mit/krb5/src/lib/ccache/file/fcc_nseq.c /mit/krb5/src/lib/ccache/file/fcc_read.c /mit/krb5/src/lib/ccache/file/fcc_reslv.c /mit/krb5/src/lib/ccache/file/fcc_retrv.c /mit/krb5/src/lib/ccache/file/fcc_sseq.c /mit/krb5/src/lib/ccache/file/fcc_store.c /mit/krb5/src/lib/ccache/file/fcc_skip.c /mit/krb5/src/lib/ccache/file/fcc_ops.c /mit/krb5/src/lib/ccache/file/fcc_write.c /mit/krb5/src/lib/ccache/file/fcc_sflags.c /mit/krb5/src/lib/ccache/file/fcc_defops.c /mit/krb5/src/lib/ccache/file/fcc_errs.c /mit/krb5/src/lib/ccache/file/fcc_maybe.c - -load -I. -I/usr/athena/include -I/u2/krb5/include -I/mit/krb5/src/include -DNARROW_PROTOTYPES /mit/krb5/src/lib/rcache/rc_base.c /mit/krb5/src/lib/rcache/rc_dfl.c /mit/krb5/src/lib/rcache/rc_io.c /mit/krb5/src/lib/rcache/rcdef.c /mit/krb5/src/lib/rcache/rc_conv.c diff --git a/src/tests/create/ChangeLog b/src/tests/create/ChangeLog index 8d2b01aa6..2078bcab3 100644 --- a/src/tests/create/ChangeLog +++ b/src/tests/create/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * kdb5_mkdums.c: + 2004-05-24 Ezra Peisach * kdb5_mkdums.c (main): Fix memory leak of master principal at exit. diff --git a/src/tests/create/Makefile.in b/src/tests/create/Makefile.in index c9042bd67..6a566b827 100644 --- a/src/tests/create/Makefile.in +++ b/src/tests/create/Makefile.in @@ -5,11 +5,12 @@ BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) SRCS=$(srcdir)/kdb5_mkdums.c +KDB5_DEP_LIBS=-lpthread -ldl all:: kdb5_mkdums kdb5_mkdums: kdb5_mkdums.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_LIBS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o kdb5_mkdums kdb5_mkdums.o $(KDB5_DEP_LIBS) $(KDB5_LIBS) $(KRB5_BASE_LIBS) all:: kdb5_mkdums diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index 024664c80..9d1799cfc 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -323,7 +323,10 @@ add_princ(context, str_newprinc) fprintf(stdout, "Added %s to database\n", princ_name); error: /* Do cleanup of newentry regardless of error */ +#if 0 krb5_dbe_free_contents(context, &newentry); +#endif + krb5_db_free_principal(context, &newentry, 1); return; } @@ -337,11 +340,13 @@ char *dbname; krb5_boolean more; krb5_data pwd, scratch; +#if 0 if ((retval = krb5_db_set_name(test_context, dbname))) { com_err(pname, retval, "while setting active database to '%s'", dbname); return(1); } +#endif /* assemble & parse the master key name */ if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm, @@ -375,7 +380,10 @@ char *dbname; return(1); } } +#if 0 if ((retval = krb5_db_init(test_context))) { +#endif + if ((retval = krb5_db_open(test_context, NULL, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); return(1); } diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog index c978b272d..61b7357aa 100644 --- a/src/tests/verify/ChangeLog +++ b/src/tests/verify/ChangeLog @@ -1,3 +1,9 @@ +2005-06-20 Ken Raeburn + + Novell merge. + * Makefile.in: + * kdb5_verify.c: + 2002-08-29 Ken Raeburn * Makefile.in: Revert $(S)=>/ change, for Windows support. diff --git a/src/tests/verify/Makefile.in b/src/tests/verify/Makefile.in index 249e70e6b..0444803c0 100644 --- a/src/tests/verify/Makefile.in +++ b/src/tests/verify/Makefile.in @@ -4,13 +4,14 @@ mydir=verify BUILDTOP=$(REL)..$(S).. PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +KDB5_DEP_LIB=-lpthread -ldl SRCS=$(srcdir)/kdb5_verify.c all:: kdb5_verify kdb5_verify: kdb5_verify.o $(KDB5_DEPLIBS) $(KRB5_BASE_DEPLIBS) - $(CC_LINK) -o kdb5_verify kdb5_verify.o $(KDB5_LIBS) $(KRB5_BASE_LIBS) + $(CC_LINK) -o kdb5_verify kdb5_verify.o $(KDB5_LIBS) $(KDB5_DEP_LIB) $(KRB5_BASE_LIBS) install:: diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index 878104d0a..60c082f46 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -361,11 +361,14 @@ set_dbname_help(context, pname, dbname) krb5_boolean more; krb5_data pwd, scratch; +#if 0 if ((retval = krb5_db_set_name(context, dbname))) { com_err(pname, retval, "while setting active database to '%s'", dbname); return(1); } +#endif + /* assemble & parse the master key name */ if ((retval = krb5_db_setup_mkey_name(context, mkey_name, cur_realm, 0, @@ -397,7 +400,7 @@ set_dbname_help(context, pname, dbname) return(1); } } - if ((retval = krb5_db_init(context ))) { + if ((retval = krb5_db_open(context, NULL, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); return(1); } -- 2.26.2