2 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
3 * Use is subject to license terms.
7 * Copyright 2006 by the Massachusetts Institute of Technology.
10 * Export of this software from the United States of America may
11 * require a specific license from the United States Government.
12 * It is the responsibility of any person or organization contemplating
13 * export to obtain such a license before exporting.
15 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
16 * distribute this software and its documentation for any purpose and
17 * without fee is hereby granted, provided that the above copyright
18 * notice appear in all copies and that both that copyright notice and
19 * this permission notice appear in supporting documentation, and that
20 * the name of M.I.T. not be used in advertising or publicity pertaining
21 * to distribution of the software without specific, written prior
22 * permission. Furthermore if you modify this software you must label
23 * your software as modified software and not distribute it in such a
24 * fashion that it might be confused with the original M.I.T. software.
25 * M.I.T. makes no representations about the suitability of
26 * this software for any purpose. It is provided "as is" without express
27 * or implied warranty.
31 * This code was based on code donated to MIT by Novell for
32 * distribution under the MIT license.
45 #include "k5-platform.h"
48 /* Currently DB2 policy related errors are exported from DAL. But
49 other databases should set_err function to return string. */
55 #define KRB5_TL_DB_ARGS 0x7fff
58 * internal static variable
61 static k5_mutex_t db_lock
= K5_MUTEX_PARTIAL_INITIALIZER
;
63 #ifdef _KDB5_STATIC_LINK
64 #undef _KDB5_DYNAMIC_LINK
66 #undef _KDB5_DYNAMIC_LINK
67 /* to avoid redefinition problem */
68 #define _KDB5_DYNAMIC_LINK
71 static db_library lib_list
;
77 MAKE_INIT_FUNCTION(kdb_init_lock_list
);
78 MAKE_FINI_FUNCTION(kdb_fini_lock_list
);
81 kdb_init_lock_list(void)
83 return k5_mutex_finish_init(&db_lock
);
90 err
= CALL_INIT_FUNCTION (kdb_init_lock_list
);
93 return k5_mutex_lock(&db_lock
);
97 kdb_fini_lock_list(void)
99 if (INITIALIZER_RAN(kdb_init_lock_list
))
100 k5_mutex_destroy(&db_lock
);
106 return k5_mutex_unlock(&db_lock
);
109 #define kdb_init_lib_lock(a) 0
110 #define kdb_destroy_lib_lock(a) (void)0
111 #define kdb_lock_lib_lock(a, b) 0
112 #define kdb_unlock_lib_lock(a, b) (void)0
114 /* Caller must free result*/
117 kdb_get_conf_section(krb5_context kcontext
)
119 krb5_error_code status
= 0;
123 if (kcontext
->default_realm
== NULL
)
125 /* The profile has to have been initialized. If the profile was
126 not initialized, expect nothing less than a crash. */
127 status
= profile_get_string(kcontext
->profile
,
130 kcontext
->default_realm
,
131 /* under the realm name, database_module */
133 /* default value is the realm name itself */
134 kcontext
->default_realm
,
139 result
= strdup(kcontext
->default_realm
);
140 /* let NULL be handled by the caller */
142 result
= strdup(value
);
143 /* free profile string */
144 profile_release_string(value
);
151 kdb_get_library_name(krb5_context kcontext
)
153 krb5_error_code status
= 0;
158 status
= profile_get_string(kcontext
->profile
,
161 kcontext
->default_realm
,
162 /* under the realm name, database_module */
164 /* default value is the realm name itself */
165 kcontext
->default_realm
,
171 #define DB2_NAME "db2"
172 /* we got the module section. Get the library name from the module */
173 status
= profile_get_string(kcontext
->profile
, KDB_MODULE_SECTION
, value
,
183 result
= strdup(lib
);
186 /* free profile string */
187 profile_release_string(value
);
191 /* free profile string */
192 profile_release_string(lib
);
198 kdb_setup_opt_functions(db_library lib
)
200 if (lib
->vftabl
.set_master_key
== NULL
) {
201 lib
->vftabl
.set_master_key
= kdb_def_set_mkey
;
204 if (lib
->vftabl
.get_master_key
== NULL
) {
205 lib
->vftabl
.get_master_key
= kdb_def_get_mkey
;
208 if (lib
->vftabl
.fetch_master_key
== NULL
) {
209 lib
->vftabl
.fetch_master_key
= krb5_db_def_fetch_mkey
;
212 if (lib
->vftabl
.verify_master_key
== NULL
) {
213 lib
->vftabl
.verify_master_key
= krb5_def_verify_master_key
;
216 if (lib
->vftabl
.dbe_search_enctype
== NULL
) {
217 lib
->vftabl
.dbe_search_enctype
= krb5_dbe_def_search_enctype
;
220 if (lib
->vftabl
.db_change_pwd
== NULL
) {
221 lib
->vftabl
.db_change_pwd
= krb5_dbe_def_cpw
;
224 if (lib
->vftabl
.store_master_key
== NULL
) {
225 lib
->vftabl
.store_master_key
= krb5_def_store_mkey
;
228 if (lib
->vftabl
.promote_db
== NULL
) {
229 lib
->vftabl
.promote_db
= krb5_def_promote_db
;
233 static int kdb_db2_pol_err_loaded
= 0;
234 #ifdef _KDB5_STATIC_LINK
235 #define DEF_SYMBOL(a) extern kdb_vftabl krb5_db_vftabl_ ## a
236 #define GET_SYMBOL(a) (krb5_db_vftabl_ ## a)
237 static krb5_error_code
238 kdb_load_library(krb5_context kcontext
, char *lib_name
, db_library
* lib
)
240 krb5_error_code status
;
241 void *vftabl_addr
= NULL
;
242 char buf
[KRB5_MAX_ERR_STR
];
244 if (!strcmp("kdb_db2", lib_name
) && (kdb_db2_pol_err_loaded
== 0)) {
245 initialize_adb_error_table();
246 kdb_db2_pol_err_loaded
= 1;
249 *lib
= calloc((size_t) 1, sizeof(**lib
));
255 status
= kdb_init_lib_lock(*lib
);
260 strcpy((*lib
)->name
, lib_name
);
262 #if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST)
263 #error No database module defined
266 #ifdef KDB5_USE_LIB_KDB_DB2
267 if (strcmp(lib_name
, "kdb_db2") == 0) {
269 vftabl_addr
= (void *) &GET_SYMBOL(kdb_db2
);
272 #ifdef KDB5_USE_LIB_TEST
273 if (strcmp(lib_name
, "test") == 0) {
275 vftabl_addr
= (void *) &GET_SYMBOL(test
);
279 snprintf(buf
, sizeof(buf
), gettext("Program not built to support %s database type\n"),
281 status
= KRB5_KDB_DBTYPE_NOSUP
;
282 krb5_db_set_err(kcontext
, krb5_err_have_str
, status
, buf
);
286 memcpy(&(*lib
)->vftabl
, vftabl_addr
, sizeof(kdb_vftabl
));
288 kdb_setup_opt_functions(*lib
);
290 if ((status
= (*lib
)->vftabl
.init_library())) {
291 /* ERROR. library not initialized cleanly */
292 snprintf(buf
, sizeof(buf
), gettext("%s library initialization failed, error code %ld\n"),
294 status
= KRB5_KDB_DBTYPE_INIT
;
295 krb5_db_set_err(kcontext
, krb5_err_have_str
, status
, buf
);
301 free(*lib
), *lib
= NULL
;
306 #else /* KDB5_STATIC_LINK*/
308 static char *db_dl_location
[] = DEFAULT_KDB_LIB_PATH
;
309 #define db_dl_n_locations (sizeof(db_dl_location) / sizeof(db_dl_location[0]))
311 static krb5_error_code
312 kdb_load_library(krb5_context kcontext
, char *lib_name
, db_library
* lib
)
314 krb5_error_code status
= 0;
316 void **vftabl_addrs
= NULL
;
317 /* N.B.: If this is "const" but not "static", the Solaris 10
318 native compiler has trouble building the library because of
319 absolute relocations needed in read-only section ".rodata".
320 When it's static, it goes into ".picdata", which is
322 static const char *const dbpath_names
[] = {
323 KDB_MODULE_SECTION
, "db_module_dir", NULL
,
325 const char *filebases
[2];
326 char **profpath
= NULL
;
329 filebases
[0] = lib_name
;
332 if (!strcmp(DB2_NAME
, lib_name
) && (kdb_db2_pol_err_loaded
== 0)) {
333 initialize_adb_error_table();
334 kdb_db2_pol_err_loaded
= 1;
337 *lib
= calloc((size_t) 1, sizeof(**lib
));
343 status
= kdb_init_lib_lock(*lib
);
348 strcpy((*lib
)->name
, lib_name
);
350 /* Fetch the list of directories specified in the config
352 status
= profile_get_values(kcontext
->profile
, dbpath_names
, &profpath
);
353 if (status
!= 0 && status
!= PROF_NO_RELATION
)
357 while (profpath
[ndx
] != NULL
)
360 path
= calloc(ndx
+ db_dl_n_locations
, sizeof (char *));
366 memcpy(path
, profpath
, ndx
* sizeof(profpath
[0]));
367 memcpy(path
+ ndx
, db_dl_location
, db_dl_n_locations
* sizeof(char *));
370 if ((status
= krb5int_open_plugin_dirs ((const char **) path
,
372 &(*lib
)->dl_dir_handle
, &kcontext
->err
))) {
373 const char *err_str
= krb5_get_error_message(kcontext
, status
);
374 status
= KRB5_KDB_DBTYPE_NOTFOUND
;
375 krb5_set_error_message (kcontext
, status
,
376 gettext("Unable to find requested database type: %s"), err_str
);
377 krb5_free_error_message (kcontext
, err_str
);
381 if ((status
= krb5int_get_plugin_dir_data (&(*lib
)->dl_dir_handle
, "kdb_function_table",
382 &vftabl_addrs
, &kcontext
->err
))) {
383 const char *err_str
= krb5_get_error_message(kcontext
, status
);
384 status
= KRB5_KDB_DBTYPE_INIT
;
385 krb5_set_error_message (kcontext
, status
,
386 gettext("plugin symbol 'kdb_function_table' lookup failed: %s"), err_str
);
387 krb5_free_error_message (kcontext
, err_str
);
391 if (vftabl_addrs
[0] == NULL
) {
393 status
= KRB5_KDB_DBTYPE_NOTFOUND
;
394 krb5_set_error_message (kcontext
, status
,
395 gettext("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
400 memcpy(&(*lib
)->vftabl
, vftabl_addrs
[0], sizeof(kdb_vftabl
));
401 kdb_setup_opt_functions(*lib
);
403 if ((status
= (*lib
)->vftabl
.init_library())) {
404 /* ERROR. library not initialized cleanly */
409 if (vftabl_addrs
!= NULL
) { krb5int_free_plugin_dir_data (vftabl_addrs
); }
410 /* Both of these DTRT with NULL. */
411 profile_free_list(profpath
);
415 kdb_destroy_lib_lock(*lib
);
416 if (PLUGIN_DIR_OPEN((&(*lib
)->dl_dir_handle
))) {
417 krb5int_close_plugin_dirs (&(*lib
)->dl_dir_handle
);
426 #endif /* end of _KDB5_STATIC_LINK */
428 static krb5_error_code
429 kdb_find_library(krb5_context kcontext
, char *lib_name
, db_library
* lib
)
431 /* lock here so that no two threads try to do the same at the same time */
432 krb5_error_code status
= 0;
434 db_library curr_elt
, prev_elt
= NULL
;
436 if ((status
= kdb_lock_list()) != 0) {
442 while (curr_elt
!= NULL
) {
443 if (strcmp(lib_name
, curr_elt
->name
) == 0) {
448 curr_elt
= curr_elt
->next
;
451 /* module not found. create and add to list */
452 status
= kdb_load_library(kcontext
, lib_name
, lib
);
458 /* prev_elt points to the last element in the list */
459 prev_elt
->next
= *lib
;
460 (*lib
)->prev
= prev_elt
;
467 (*lib
)->reference_cnt
++;
471 (void)kdb_unlock_list();
477 static krb5_error_code
478 kdb_free_library(db_library lib
)
480 krb5_error_code status
= 0;
483 if ((status
= kdb_lock_list()) != 0) {
488 lib
->reference_cnt
--;
490 if (lib
->reference_cnt
== 0) {
491 status
= lib
->vftabl
.fini_library();
496 /* close the library */
497 if (PLUGIN_DIR_OPEN((&lib
->dl_dir_handle
))) {
498 krb5int_close_plugin_dirs (&lib
->dl_dir_handle
);
501 kdb_destroy_lib_lock(lib
);
503 if (lib
->prev
== NULL
) {
504 /* first element in the list */
505 lib_list
= lib
->next
;
507 lib
->prev
->next
= lib
->next
;
511 lib
->next
->prev
= lib
->prev
;
518 (void)kdb_unlock_list();
524 static krb5_error_code
525 kdb_setup_lib_handle(krb5_context kcontext
)
527 char *library
= NULL
;
528 krb5_error_code status
= 0;
529 db_library lib
= NULL
;
530 kdb5_dal_handle
*dal_handle
= NULL
;
532 dal_handle
= calloc((size_t) 1, sizeof(kdb5_dal_handle
));
533 if (dal_handle
== NULL
) {
538 library
= kdb_get_library_name(kcontext
);
539 if (library
== NULL
) {
540 status
= KRB5_KDB_DBTYPE_NOTFOUND
;
544 status
= kdb_find_library(kcontext
, library
, &lib
);
549 dal_handle
->lib_handle
= lib
;
550 kcontext
->db_context
= (void *) dal_handle
;
558 (void)kdb_free_library(lib
);
565 static krb5_error_code
566 kdb_free_lib_handle(krb5_context kcontext
)
568 krb5_error_code status
= 0;
571 kdb_free_library(((kdb5_dal_handle
*) kcontext
->db_context
)->
577 free(kcontext
->db_context
);
578 kcontext
->db_context
= NULL
;
585 get_errmsg (krb5_context kcontext
, krb5_error_code err_code
)
587 kdb5_dal_handle
*dal_handle
;
591 assert(kcontext
!= NULL
);
592 /* Must be called with dal_handle->lib_handle locked! */
593 assert(kcontext
->db_context
!= NULL
);
594 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
595 if (dal_handle
->lib_handle
->vftabl
.errcode_2_string
== NULL
)
597 e
= dal_handle
->lib_handle
->vftabl
.errcode_2_string(kcontext
, err_code
);
599 krb5_set_error_message(kcontext
, err_code
, "%s", e
);
600 if (dal_handle
->lib_handle
->vftabl
.release_errcode_string
)
601 dal_handle
->lib_handle
->vftabl
.release_errcode_string(kcontext
, e
);
605 * External functions... DAL API
608 krb5_db_open(krb5_context kcontext
, char **db_args
, int mode
)
610 krb5_error_code status
= 0;
611 char *section
= NULL
;
612 kdb5_dal_handle
*dal_handle
;
614 section
= kdb_get_conf_section(kcontext
);
615 if (section
== NULL
) {
616 status
= KRB5_KDB_SERVER_INTERNAL_ERR
;
617 krb5_set_error_message (kcontext
, status
,
618 gettext("unable to determine configuration section for realm %s\n"),
619 kcontext
->default_realm
? kcontext
->default_realm
: "[UNSET]");
623 if (kcontext
->db_context
== NULL
) {
624 status
= kdb_setup_lib_handle(kcontext
);
630 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
631 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
633 /* Solaris Kerberos */
634 kdb_free_lib_handle(kcontext
);
639 dal_handle
->lib_handle
->vftabl
.init_module(kcontext
, section
, db_args
,
641 get_errmsg(kcontext
, status
);
643 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
645 /* Solaris Kerberos */
647 kdb_free_lib_handle(kcontext
);
655 krb5_db_inited(krb5_context kcontext
)
657 return !(kcontext
&& kcontext
->db_context
&&
658 ((kdb5_dal_handle
*) kcontext
->db_context
)->db_context
);
662 krb5_db_create(krb5_context kcontext
, char **db_args
)
664 krb5_error_code status
= 0;
665 char *section
= NULL
;
666 kdb5_dal_handle
*dal_handle
;
668 section
= kdb_get_conf_section(kcontext
);
669 if (section
== NULL
) {
670 status
= KRB5_KDB_SERVER_INTERNAL_ERR
;
671 krb5_set_error_message (kcontext
, status
,
672 gettext("unable to determine configuration section for realm %s\n"),
673 kcontext
->default_realm
);
677 if (kcontext
->db_context
== NULL
) {
678 status
= kdb_setup_lib_handle(kcontext
);
684 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
685 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
691 dal_handle
->lib_handle
->vftabl
.db_create(kcontext
, section
, db_args
);
692 get_errmsg(kcontext
, status
);
694 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
702 krb5_db_fini(krb5_context kcontext
)
704 krb5_error_code status
= 0;
705 kdb5_dal_handle
*dal_handle
;
707 if (kcontext
->db_context
== NULL
) {
708 /* module not loaded. So nothing to be done */
712 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
713 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
718 status
= dal_handle
->lib_handle
->vftabl
.fini_module(kcontext
);
719 get_errmsg(kcontext
, status
);
721 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
727 status
= kdb_free_lib_handle(kcontext
);
734 krb5_db_destroy(krb5_context kcontext
, char **db_args
)
736 krb5_error_code status
= 0;
737 char *section
= NULL
;
738 kdb5_dal_handle
*dal_handle
;
740 section
= kdb_get_conf_section(kcontext
);
741 if (section
== NULL
) {
742 status
= KRB5_KDB_SERVER_INTERNAL_ERR
;
743 krb5_set_error_message (kcontext
, status
,
744 gettext("unable to determine configuration section for realm %s\n"),
745 kcontext
->default_realm
);
749 if (kcontext
->db_context
== NULL
) {
750 status
= kdb_setup_lib_handle(kcontext
);
756 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
757 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
763 dal_handle
->lib_handle
->vftabl
.db_destroy(kcontext
, section
, db_args
);
764 get_errmsg(kcontext
, status
);
765 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
773 krb5_db_get_age(krb5_context kcontext
, char *db_name
, time_t * t
)
775 krb5_error_code status
= 0;
776 kdb5_dal_handle
*dal_handle
;
778 if (kcontext
->db_context
== NULL
) {
779 status
= kdb_setup_lib_handle(kcontext
);
785 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
786 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
791 status
= dal_handle
->lib_handle
->vftabl
.db_get_age(kcontext
, db_name
, t
);
792 get_errmsg(kcontext
, status
);
793 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
800 krb5_db_set_option(krb5_context kcontext
, int option
, void *value
)
802 krb5_error_code status
= 0;
803 kdb5_dal_handle
*dal_handle
;
805 if (kcontext
->db_context
== NULL
) {
806 status
= kdb_setup_lib_handle(kcontext
);
812 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
813 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
819 dal_handle
->lib_handle
->vftabl
.db_set_option(kcontext
, option
, value
);
820 get_errmsg(kcontext
, status
);
821 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
828 krb5_db_lock(krb5_context kcontext
, int lock_mode
)
830 krb5_error_code status
= 0;
831 kdb5_dal_handle
*dal_handle
;
833 if (kcontext
->db_context
== NULL
) {
834 status
= kdb_setup_lib_handle(kcontext
);
840 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
841 /* acquire an exclusive lock, ensures no other thread uses this context */
842 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, TRUE
);
847 status
= dal_handle
->lib_handle
->vftabl
.db_lock(kcontext
, lock_mode
);
848 get_errmsg(kcontext
, status
);
850 /* exclusive lock is still held, so no other thread could use this context */
851 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
858 krb5_db_unlock(krb5_context kcontext
)
860 krb5_error_code status
= 0;
861 kdb5_dal_handle
*dal_handle
;
863 if (kcontext
->db_context
== NULL
) {
864 status
= kdb_setup_lib_handle(kcontext
);
870 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
871 /* normal lock acquired and exclusive lock released */
872 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
877 status
= dal_handle
->lib_handle
->vftabl
.db_unlock(kcontext
);
878 get_errmsg(kcontext
, status
);
880 kdb_unlock_lib_lock(dal_handle
->lib_handle
, TRUE
);
887 krb5_db_get_principal(krb5_context kcontext
,
888 krb5_const_principal search_for
,
889 krb5_db_entry
* entries
,
890 int *nentries
, krb5_boolean
* more
)
892 krb5_error_code status
= 0;
893 kdb5_dal_handle
*dal_handle
;
895 if (kcontext
->db_context
== NULL
) {
896 status
= kdb_setup_lib_handle(kcontext
);
902 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
903 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
909 dal_handle
->lib_handle
->vftabl
.db_get_principal(kcontext
, search_for
,
912 get_errmsg(kcontext
, status
);
913 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
920 krb5_db_get_principal_nolock(krb5_context kcontext
,
921 krb5_const_principal search_for
,
922 krb5_db_entry
* entries
,
923 int *nentries
, krb5_boolean
* more
)
925 krb5_error_code status
= 0;
926 kdb5_dal_handle
*dal_handle
;
928 if (kcontext
->db_context
== NULL
) {
929 status
= kdb_setup_lib_handle(kcontext
);
935 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
936 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
942 dal_handle
->lib_handle
->vftabl
.db_get_principal_nolock(kcontext
,
946 get_errmsg(kcontext
, status
);
947 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
954 krb5_db_free_principal(krb5_context kcontext
, krb5_db_entry
* entry
, int count
)
956 krb5_error_code status
= 0;
957 kdb5_dal_handle
*dal_handle
;
959 if (kcontext
->db_context
== NULL
) {
960 status
= kdb_setup_lib_handle(kcontext
);
966 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
967 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
973 dal_handle
->lib_handle
->vftabl
.db_free_principal(kcontext
, entry
,
975 get_errmsg(kcontext
, status
);
976 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
983 krb5_db_put_principal(krb5_context kcontext
,
984 krb5_db_entry
* entries
, int *nentries
)
986 krb5_error_code status
= 0;
987 kdb5_dal_handle
*dal_handle
;
988 char **db_args
= NULL
;
989 krb5_tl_data
*prev
, *curr
, *next
;
990 int db_args_size
= 0;
992 if (kcontext
->db_context
== NULL
) {
993 status
= kdb_setup_lib_handle(kcontext
);
999 /* Giving db_args as part of tl data causes, db2 to store the
1000 tl_data as such. To prevent this, tl_data is collated and
1001 passed as a sepearte argument. Currently supports only one
1002 principal. but passing it as a seperate argument makes it
1003 difficult for kadmin remote to pass arguments to server. */
1004 prev
= NULL
, curr
= entries
->tl_data
;
1006 if (curr
->tl_data_type
== KRB5_TL_DB_ARGS
) {
1008 /* Since this is expected to be NULL terminated string and
1009 this could come from any client, do a check before
1010 passing it to db. */
1011 if (((char *) curr
->tl_data_contents
)[curr
->tl_data_length
- 1] !=
1013 /* not null terminated. Dangerous input */
1019 t
= reallocarray(db_args
, (db_args_size
+ 1), sizeof(char *)); /* 1 for NULL */
1026 db_args
[db_args_size
- 1] = (char *) curr
->tl_data_contents
;
1027 db_args
[db_args_size
] = NULL
;
1029 next
= curr
->tl_data_next
;
1031 /* current node is the first in the linked list. remove it */
1032 entries
->tl_data
= curr
->tl_data_next
;
1034 prev
->tl_data_next
= curr
->tl_data_next
;
1036 entries
->n_tl_data
--;
1037 krb5_db_free(kcontext
, curr
);
1039 /* previous does not change */
1043 curr
= curr
->tl_data_next
;
1047 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1048 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1053 status
= dal_handle
->lib_handle
->vftabl
.db_put_principal(kcontext
, entries
,
1056 get_errmsg(kcontext
, status
);
1057 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1060 while (db_args_size
) {
1061 if (db_args
[db_args_size
- 1])
1062 krb5_db_free(kcontext
, db_args
[db_args_size
- 1]);
1073 krb5_db_delete_principal(krb5_context kcontext
,
1074 krb5_principal search_for
, int *nentries
)
1076 krb5_error_code status
= 0;
1077 kdb5_dal_handle
*dal_handle
;
1079 if (kcontext
->db_context
== NULL
) {
1080 status
= kdb_setup_lib_handle(kcontext
);
1086 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1087 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1093 dal_handle
->lib_handle
->vftabl
.db_delete_principal(kcontext
,
1096 get_errmsg(kcontext
, status
);
1097 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1104 krb5_db_iterate(krb5_context kcontext
,
1106 int (*func
) (krb5_pointer
, krb5_db_entry
*),
1107 krb5_pointer func_arg
,
1108 /* Solaris Kerberos: adding support for db_args */
1111 krb5_error_code status
= 0;
1112 kdb5_dal_handle
*dal_handle
;
1114 if (kcontext
->db_context
== NULL
) {
1115 status
= kdb_setup_lib_handle(kcontext
);
1121 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1122 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1127 /* Solaris Kerberos: adding support for db_args */
1128 status
= dal_handle
->lib_handle
->vftabl
.db_iterate(kcontext
,
1132 get_errmsg(kcontext
, status
);
1133 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1140 krb5_supported_realms(krb5_context kcontext
, char **realms
)
1142 krb5_error_code status
= 0;
1143 kdb5_dal_handle
*dal_handle
;
1145 if (kcontext
->db_context
== NULL
) {
1146 status
= kdb_setup_lib_handle(kcontext
);
1152 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1153 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1159 dal_handle
->lib_handle
->vftabl
.db_supported_realms(kcontext
, realms
);
1160 get_errmsg(kcontext
, status
);
1161 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1168 krb5_free_supported_realms(krb5_context kcontext
, char **realms
)
1170 krb5_error_code status
= 0;
1171 kdb5_dal_handle
*dal_handle
;
1173 if (kcontext
->db_context
== NULL
) {
1174 status
= kdb_setup_lib_handle(kcontext
);
1180 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1181 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1187 dal_handle
->lib_handle
->vftabl
.db_free_supported_realms(kcontext
,
1189 get_errmsg(kcontext
, status
);
1190 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1197 krb5_db_set_master_key_ext(krb5_context kcontext
,
1198 char *pwd
, krb5_keyblock
* key
)
1200 krb5_error_code status
= 0;
1201 kdb5_dal_handle
*dal_handle
;
1203 if (kcontext
->db_context
== NULL
) {
1204 status
= kdb_setup_lib_handle(kcontext
);
1210 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1211 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1216 status
= dal_handle
->lib_handle
->vftabl
.set_master_key(kcontext
, pwd
, key
);
1217 get_errmsg(kcontext
, status
);
1219 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1226 krb5_db_set_mkey(krb5_context context
, krb5_keyblock
* key
)
1228 return krb5_db_set_master_key_ext(context
, NULL
, key
);
1232 krb5_db_get_mkey(krb5_context kcontext
, krb5_keyblock
** key
)
1234 krb5_error_code status
= 0;
1235 kdb5_dal_handle
*dal_handle
;
1237 if (kcontext
->db_context
== NULL
) {
1238 status
= kdb_setup_lib_handle(kcontext
);
1244 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1245 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1250 /* Lets use temp key and copy it later to avoid memory problems
1251 when freed by the caller. */
1252 status
= dal_handle
->lib_handle
->vftabl
.get_master_key(kcontext
, key
);
1253 get_errmsg(kcontext
, status
);
1254 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1261 krb5_db_store_master_key(krb5_context kcontext
,
1263 krb5_principal mname
,
1264 krb5_keyblock
* key
, char *master_pwd
)
1266 krb5_error_code status
= 0;
1267 kdb5_dal_handle
*dal_handle
;
1269 if (kcontext
->db_context
== NULL
) {
1270 status
= kdb_setup_lib_handle(kcontext
);
1276 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1277 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1282 status
= dal_handle
->lib_handle
->vftabl
.store_master_key(kcontext
,
1286 get_errmsg(kcontext
, status
);
1287 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1293 char *krb5_mkey_pwd_prompt1
= KRB5_KDC_MKEY_1
;
1294 char *krb5_mkey_pwd_prompt2
= KRB5_KDC_MKEY_2
;
1297 krb5_db_fetch_mkey(krb5_context context
,
1298 krb5_principal mname
,
1300 krb5_boolean fromkeyboard
,
1302 char *db_args
, krb5_data
* salt
, krb5_keyblock
* key
)
1304 krb5_error_code retval
;
1305 char password
[BUFSIZ
];
1307 unsigned int size
= sizeof(password
);
1309 krb5_keyblock tmp_key
;
1311 memset(&tmp_key
, 0, sizeof(tmp_key
));
1316 if ((retval
= krb5_read_password(context
, krb5_mkey_pwd_prompt1
,
1317 twice
? krb5_mkey_pwd_prompt2
: 0,
1318 password
, &size
))) {
1322 pwd
.data
= password
;
1325 retval
= krb5_principal2salt(context
, mname
, &scratch
);
1330 krb5_c_string_to_key(context
, etype
, &pwd
, salt
? salt
: &scratch
,
1334 krb5_xfree(scratch
.data
);
1335 memset(password
, 0, sizeof(password
)); /* erase it */
1338 kdb5_dal_handle
*dal_handle
;
1340 if (context
->db_context
== NULL
) {
1341 retval
= kdb_setup_lib_handle(context
);
1347 dal_handle
= (kdb5_dal_handle
*) context
->db_context
;
1348 retval
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1352 #if 0 /************** Begin IFDEF'ed OUT *******************************/
1354 tmp_key
.enctype
= key
->enctype
;
1356 /* Solaris Kerberos: need to use etype */
1357 tmp_key
.enctype
= etype
;
1358 #endif /**************** END IFDEF'ed OUT *******************************/
1359 retval
= dal_handle
->lib_handle
->vftabl
.fetch_master_key(context
,
1364 get_errmsg(context
, retval
);
1365 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1371 key
->contents
= malloc(tmp_key
.length
);
1372 if (key
->contents
== NULL
) {
1377 key
->magic
= tmp_key
.magic
;
1378 key
->enctype
= tmp_key
.enctype
;
1379 key
->length
= tmp_key
.length
;
1380 memcpy(key
->contents
, tmp_key
.contents
, tmp_key
.length
);
1384 if (tmp_key
.contents
) {
1385 memset(tmp_key
.contents
, 0, tmp_key
.length
);
1386 krb5_db_free(context
, tmp_key
.contents
);
1392 krb5_db_verify_master_key(krb5_context kcontext
,
1393 krb5_principal mprinc
, krb5_keyblock
* mkey
)
1395 krb5_error_code status
= 0;
1396 kdb5_dal_handle
*dal_handle
;
1398 if (kcontext
->db_context
== NULL
) {
1399 status
= kdb_setup_lib_handle(kcontext
);
1405 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1406 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1411 status
= dal_handle
->lib_handle
->vftabl
.verify_master_key(kcontext
,
1413 get_errmsg(kcontext
, status
);
1414 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1421 krb5_db_alloc(krb5_context kcontext
, void *ptr
, size_t size
)
1423 krb5_error_code status
;
1424 kdb5_dal_handle
*dal_handle
;
1425 void *new_ptr
= NULL
;
1427 if (kcontext
->db_context
== NULL
) {
1428 status
= kdb_setup_lib_handle(kcontext
);
1434 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1436 new_ptr
= dal_handle
->lib_handle
->vftabl
.db_alloc(kcontext
, ptr
, size
);
1443 krb5_db_free(krb5_context kcontext
, void *ptr
)
1445 krb5_error_code status
;
1446 kdb5_dal_handle
*dal_handle
;
1448 if (kcontext
->db_context
== NULL
) {
1449 status
= kdb_setup_lib_handle(kcontext
);
1455 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1457 dal_handle
->lib_handle
->vftabl
.db_free(kcontext
, ptr
);
1463 /* has to be modified */
1466 krb5_dbe_find_enctype(krb5_context kcontext
,
1467 krb5_db_entry
* dbentp
,
1470 krb5_int32 kvno
, krb5_key_data
** kdatap
)
1472 krb5_int32 start
= 0;
1473 return krb5_dbe_search_enctype(kcontext
, dbentp
, &start
, ktype
, stype
,
1478 krb5_dbe_search_enctype(krb5_context kcontext
,
1479 krb5_db_entry
* dbentp
,
1483 krb5_int32 kvno
, krb5_key_data
** kdatap
)
1485 krb5_error_code status
= 0;
1486 kdb5_dal_handle
*dal_handle
;
1488 if (kcontext
->db_context
== NULL
) {
1489 status
= kdb_setup_lib_handle(kcontext
);
1495 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1496 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1501 status
= dal_handle
->lib_handle
->vftabl
.dbe_search_enctype(kcontext
,
1507 get_errmsg(kcontext
, status
);
1508 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1514 #define REALM_SEP_STRING "@"
1517 krb5_db_setup_mkey_name(krb5_context context
,
1518 const char *keyname
,
1520 char **fullname
, krb5_principal
* principal
)
1522 krb5_error_code retval
;
1524 size_t rlen
= strlen(realm
);
1528 keyname
= KRB5_KDB_M_NAME
; /* XXX external? */
1530 keylen
= strlen(keyname
);
1532 fname
= malloc(keylen
+ rlen
+ strlen(REALM_SEP_STRING
) + 1);
1536 strcpy(fname
, keyname
);
1537 (void)strcat(fname
, REALM_SEP_STRING
);
1538 (void)strcat(fname
, realm
);
1540 if ((retval
= krb5_parse_name(context
, fname
, principal
)))
1550 krb5_dbe_lookup_last_pwd_change(context
, entry
, stamp
)
1551 krb5_context context
;
1552 krb5_db_entry
*entry
;
1553 krb5_timestamp
*stamp
;
1555 krb5_tl_data tl_data
;
1556 krb5_error_code code
;
1559 tl_data
.tl_data_type
= KRB5_TL_LAST_PWD_CHANGE
;
1561 if ((code
= krb5_dbe_lookup_tl_data(context
, entry
, &tl_data
)))
1564 if (tl_data
.tl_data_length
!= 4) {
1569 krb5_kdb_decode_int32(tl_data
.tl_data_contents
, tmp
);
1571 *stamp
= (krb5_timestamp
) tmp
;
1578 krb5_dbe_lookup_tl_data(context
, entry
, ret_tl_data
)
1579 krb5_context context
;
1580 krb5_db_entry
*entry
;
1581 krb5_tl_data
*ret_tl_data
;
1583 krb5_tl_data
*tl_data
;
1585 for (tl_data
= entry
->tl_data
; tl_data
; tl_data
= tl_data
->tl_data_next
) {
1586 if (tl_data
->tl_data_type
== ret_tl_data
->tl_data_type
) {
1587 *ret_tl_data
= *tl_data
;
1592 /* if the requested record isn't found, return zero bytes.
1593 * if it ever means something to have a zero-length tl_data,
1594 * this code and its callers will have to be changed */
1596 ret_tl_data
->tl_data_length
= 0;
1597 ret_tl_data
->tl_data_contents
= NULL
;
1602 krb5_dbe_create_key_data(context
, entry
)
1603 krb5_context context
;
1604 krb5_db_entry
*entry
;
1606 if ((entry
->key_data
=
1607 (krb5_key_data
*) krb5_db_alloc(context
, entry
->key_data
,
1608 (sizeof(krb5_key_data
) *
1609 (entry
->n_key_data
+ 1)))) == NULL
)
1612 memset(entry
->key_data
+ entry
->n_key_data
, 0, sizeof(krb5_key_data
));
1613 entry
->n_key_data
++;
1619 krb5_dbe_update_mod_princ_data(context
, entry
, mod_date
, mod_princ
)
1620 krb5_context context
;
1621 krb5_db_entry
*entry
;
1622 krb5_timestamp mod_date
;
1623 krb5_const_principal mod_princ
;
1625 krb5_tl_data tl_data
;
1627 krb5_error_code retval
= 0;
1628 krb5_octet
*nextloc
= 0;
1629 char *unparse_mod_princ
= 0;
1630 unsigned int unparse_mod_princ_size
;
1632 if ((retval
= krb5_unparse_name(context
, mod_princ
, &unparse_mod_princ
)))
1635 unparse_mod_princ_size
= strlen(unparse_mod_princ
) + 1;
1637 if ((nextloc
= (krb5_octet
*) malloc(unparse_mod_princ_size
+ 4))
1639 free(unparse_mod_princ
);
1643 tl_data
.tl_data_type
= KRB5_TL_MOD_PRINC
;
1644 tl_data
.tl_data_length
= unparse_mod_princ_size
+ 4;
1645 tl_data
.tl_data_contents
= nextloc
;
1648 krb5_kdb_encode_int32(mod_date
, nextloc
);
1651 memcpy(nextloc
+ 4, unparse_mod_princ
, unparse_mod_princ_size
);
1653 retval
= krb5_dbe_update_tl_data(context
, entry
, &tl_data
);
1655 free(unparse_mod_princ
);
1662 krb5_dbe_lookup_mod_princ_data(context
, entry
, mod_time
, mod_princ
)
1663 krb5_context context
;
1664 krb5_db_entry
*entry
;
1665 krb5_timestamp
*mod_time
;
1666 krb5_principal
*mod_princ
;
1668 krb5_tl_data tl_data
;
1669 krb5_error_code code
;
1671 tl_data
.tl_data_type
= KRB5_TL_MOD_PRINC
;
1673 if ((code
= krb5_dbe_lookup_tl_data(context
, entry
, &tl_data
)))
1676 if ((tl_data
.tl_data_length
< 5) ||
1677 (tl_data
.tl_data_contents
[tl_data
.tl_data_length
- 1] != '\0'))
1678 return (KRB5_KDB_TRUNCATED_RECORD
);
1681 krb5_kdb_decode_int32(tl_data
.tl_data_contents
, *mod_time
);
1684 if ((code
= krb5_parse_name(context
,
1685 (const char *) (tl_data
.tl_data_contents
+ 4),
1693 krb5_dbe_update_last_pwd_change(context
, entry
, stamp
)
1694 krb5_context context
;
1695 krb5_db_entry
*entry
;
1696 krb5_timestamp stamp
;
1698 krb5_tl_data tl_data
;
1699 krb5_octet buf
[4]; /* this is the encoded size of an int32 */
1701 tl_data
.tl_data_type
= KRB5_TL_LAST_PWD_CHANGE
;
1702 tl_data
.tl_data_length
= sizeof(buf
);
1703 krb5_kdb_encode_int32((krb5_int32
) stamp
, buf
);
1704 tl_data
.tl_data_contents
= buf
;
1706 return (krb5_dbe_update_tl_data(context
, entry
, &tl_data
));
1710 krb5_dbe_update_tl_data(context
, entry
, new_tl_data
)
1711 krb5_context context
;
1712 krb5_db_entry
*entry
;
1713 krb5_tl_data
*new_tl_data
;
1715 krb5_tl_data
*tl_data
= NULL
;
1718 /* copy the new data first, so we can fail cleanly if malloc()
1721 (krb5_octet
*) krb5_db_alloc(context
, NULL
,
1722 new_tl_data
->tl_data_length
)) == NULL
)
1725 /* Find an existing entry of the specified type and point at
1726 * it, or NULL if not found */
1728 if (new_tl_data
->tl_data_type
!= KRB5_TL_DB_ARGS
) { /* db_args can be multiple */
1729 for (tl_data
= entry
->tl_data
; tl_data
;
1730 tl_data
= tl_data
->tl_data_next
)
1731 if (tl_data
->tl_data_type
== new_tl_data
->tl_data_type
)
1735 /* if necessary, chain a new record in the beginning and point at it */
1739 (krb5_tl_data
*) krb5_db_alloc(context
, NULL
,
1740 sizeof(krb5_tl_data
)))
1745 memset(tl_data
, 0, sizeof(krb5_tl_data
));
1746 tl_data
->tl_data_next
= entry
->tl_data
;
1747 entry
->tl_data
= tl_data
;
1751 /* fill in the record */
1753 if (tl_data
->tl_data_contents
)
1754 krb5_db_free(context
, tl_data
->tl_data_contents
);
1756 tl_data
->tl_data_type
= new_tl_data
->tl_data_type
;
1757 tl_data
->tl_data_length
= new_tl_data
->tl_data_length
;
1758 tl_data
->tl_data_contents
= tmp
;
1759 memcpy(tmp
, new_tl_data
->tl_data_contents
, tl_data
->tl_data_length
);
1764 /* change password functions */
1766 krb5_dbe_cpw(krb5_context kcontext
,
1767 krb5_keyblock
* master_key
,
1768 krb5_key_salt_tuple
* ks_tuple
,
1771 int new_kvno
, krb5_boolean keepold
, krb5_db_entry
* db_entry
)
1773 krb5_error_code status
= 0;
1774 kdb5_dal_handle
*dal_handle
;
1776 if (kcontext
->db_context
== NULL
) {
1777 status
= kdb_setup_lib_handle(kcontext
);
1783 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1784 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1789 status
= dal_handle
->lib_handle
->vftabl
.db_change_pwd(kcontext
,
1796 get_errmsg(kcontext
, status
);
1797 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1803 /* policy management functions */
1805 krb5_db_create_policy(krb5_context kcontext
, osa_policy_ent_t policy
)
1807 krb5_error_code status
= 0;
1808 kdb5_dal_handle
*dal_handle
;
1810 if (kcontext
->db_context
== NULL
) {
1811 status
= kdb_setup_lib_handle(kcontext
);
1817 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1818 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1823 status
= dal_handle
->lib_handle
->vftabl
.db_create_policy(kcontext
, policy
);
1824 get_errmsg(kcontext
, status
);
1825 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1832 krb5_db_get_policy(krb5_context kcontext
, char *name
,
1833 osa_policy_ent_t
* policy
, int *cnt
)
1835 krb5_error_code status
= 0;
1836 kdb5_dal_handle
*dal_handle
;
1838 if (kcontext
->db_context
== NULL
) {
1839 status
= kdb_setup_lib_handle(kcontext
);
1845 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1846 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1852 dal_handle
->lib_handle
->vftabl
.db_get_policy(kcontext
, name
, policy
,
1854 get_errmsg(kcontext
, status
);
1855 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1862 krb5_db_put_policy(krb5_context kcontext
, osa_policy_ent_t policy
)
1864 krb5_error_code status
= 0;
1865 kdb5_dal_handle
*dal_handle
;
1867 if (kcontext
->db_context
== NULL
) {
1868 status
= kdb_setup_lib_handle(kcontext
);
1874 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1875 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1880 status
= dal_handle
->lib_handle
->vftabl
.db_put_policy(kcontext
, policy
);
1881 get_errmsg(kcontext
, status
);
1882 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1889 krb5_db_iter_policy(krb5_context kcontext
, char *match_entry
,
1890 osa_adb_iter_policy_func func
, void *data
)
1892 krb5_error_code status
= 0;
1893 kdb5_dal_handle
*dal_handle
;
1895 if (kcontext
->db_context
== NULL
) {
1896 status
= kdb_setup_lib_handle(kcontext
);
1902 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1903 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1909 dal_handle
->lib_handle
->vftabl
.db_iter_policy(kcontext
, match_entry
,
1911 get_errmsg(kcontext
, status
);
1912 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1919 krb5_db_delete_policy(krb5_context kcontext
, char *policy
)
1921 krb5_error_code status
= 0;
1922 kdb5_dal_handle
*dal_handle
;
1924 if (kcontext
->db_context
== NULL
) {
1925 status
= kdb_setup_lib_handle(kcontext
);
1931 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1932 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1937 status
= dal_handle
->lib_handle
->vftabl
.db_delete_policy(kcontext
, policy
);
1938 get_errmsg(kcontext
, status
);
1939 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1946 krb5_db_free_policy(krb5_context kcontext
, osa_policy_ent_t policy
)
1948 krb5_error_code status
= 0;
1949 kdb5_dal_handle
*dal_handle
;
1951 if (kcontext
->db_context
== NULL
) {
1952 status
= kdb_setup_lib_handle(kcontext
);
1958 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1959 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1964 dal_handle
->lib_handle
->vftabl
.db_free_policy(kcontext
, policy
);
1965 get_errmsg(kcontext
, status
);
1966 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
1973 krb5_db_promote(krb5_context kcontext
, char **db_args
)
1975 krb5_error_code status
= 0;
1976 char *section
= NULL
;
1977 kdb5_dal_handle
*dal_handle
;
1979 section
= kdb_get_conf_section(kcontext
);
1980 if (section
== NULL
) {
1981 status
= KRB5_KDB_SERVER_INTERNAL_ERR
;
1982 krb5_set_error_message (kcontext
, status
,
1983 gettext("unable to determine configuration section for realm %s\n"),
1984 kcontext
->default_realm
);
1988 if (kcontext
->db_context
== NULL
) {
1989 status
= kdb_setup_lib_handle(kcontext
);
1995 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
1996 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
2002 dal_handle
->lib_handle
->vftabl
.promote_db(kcontext
, section
, db_args
);
2003 get_errmsg(kcontext
, status
);
2004 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);
2012 * Solaris Kerberos: support for iprop
2014 * Not all KDB plugins support iprop.
2016 * sets iprop_supported to 1 if iprop supportd, 0 otherwise.
2019 krb5_db_supports_iprop(krb5_context kcontext
, int *iprop_supported
)
2021 krb5_error_code status
= 0;
2022 kdb5_dal_handle
*dal_handle
;
2024 if (kcontext
->db_context
== NULL
) {
2025 status
= kdb_setup_lib_handle(kcontext
);
2031 dal_handle
= (kdb5_dal_handle
*) kcontext
->db_context
;
2032 status
= kdb_lock_lib_lock(dal_handle
->lib_handle
, FALSE
);
2037 *iprop_supported
= dal_handle
->lib_handle
->vftabl
.iprop_supported
;
2038 kdb_unlock_lib_lock(dal_handle
->lib_handle
, FALSE
);