2dd2efa5a06a9befe46075cf41e16f57533c9f98willf * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Use is subject to license terms.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#pragma ident "%Z%%M% %I% %E% SMI"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Copyright 2006 by the Massachusetts Institute of Technology.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * All Rights Reserved.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Export of this software from the United States of America may
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * require a specific license from the United States Government.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * It is the responsibility of any person or organization contemplating
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * export to obtain such a license before exporting.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * distribute this software and its documentation for any purpose and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * without fee is hereby granted, provided that the above copyright
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * notice appear in all copies and that both that copyright notice and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this permission notice appear in supporting documentation, and that
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * the name of M.I.T. not be used in advertising or publicity pertaining
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * to distribution of the software without specific, written prior
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * permission. Furthermore if you modify this software you must label
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * your software as modified software and not distribute it in such a
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * fashion that it might be confused with the original M.I.T. software.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * M.I.T. makes no representations about the suitability of
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this software for any purpose. It is provided "as is" without express
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * or implied warranty.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * This code was based on code donated to MIT by Novell for
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * distribution under the MIT license.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Include files
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Currently DB2 policy related errors are exported from DAL. But
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf other databases should set_err function to return string. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Type definitions
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * internal static variable
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfstatic k5_mutex_t db_lock = K5_MUTEX_PARTIAL_INITIALIZER;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* to avoid redefinition problem */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Helper Functions
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* Caller must free result*/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfstatic char *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* The profile has to have been initialized. If the profile was
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf not initialized, expect nothing less than a crash. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* realms */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* under the realm name, database_module */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* default value is the realm name itself */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* some problem */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* let NULL be handled by the caller */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* free profile string */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfstatic char *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* realms */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* under the realm name, database_module */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* default value is the realm name itself */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* we got the module section. Get the library name from the module */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = profile_get_string(kcontext->profile, KDB_MODULE_SECTION, value,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* default to db2 */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* free profile string */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* free profile string */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf lib->vftabl.verify_master_key = krb5_def_verify_master_key;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define DEF_SYMBOL(a) extern kdb_vftabl krb5_db_vftabl_ ## a
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!strcmp("kdb_db2", lib_name) && (kdb_db2_pol_err_loaded == 0)) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#if !defined(KDB5_USE_LIB_KDB_DB2) && !defined(KDB5_USE_LIB_TEST)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf snprintf(buf, sizeof(buf), gettext("Program not built to support %s database type\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(&(*lib)->vftabl, vftabl_addr, sizeof(kdb_vftabl));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* ERROR. library not initialized cleanly */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf snprintf(buf, sizeof(buf), gettext("%s library initialization failed, error code %ld\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#else /* KDB5_STATIC_LINK*/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define db_dl_n_locations (sizeof(db_dl_location) / sizeof(db_dl_location[0]))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* N.B.: If this is "const" but not "static", the Solaris 10
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf native compiler has trouble building the library because of
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf absolute relocations needed in read-only section ".rodata".
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf When it's static, it goes into ".picdata", which is
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf read-write. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!strcmp(DB2_NAME, lib_name) && (kdb_db2_pol_err_loaded == 0)) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Fetch the list of directories specified in the config
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf file(s) first. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = profile_get_values(kcontext->profile, dbpath_names, &profpath);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf path = calloc(ndx + db_dl_n_locations, sizeof (char *));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(path + ndx, db_dl_location, db_dl_n_locations * sizeof(char *));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((status = krb5int_open_plugin_dirs ((const char **) path,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf const char *err_str = krb5_get_error_message(kcontext, status);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("Unable to find requested database type: %s"), err_str);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((status = krb5int_get_plugin_dir_data (&(*lib)->dl_dir_handle, "kdb_function_table",
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf const char *err_str = krb5_get_error_message(kcontext, status);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("plugin symbol 'kdb_function_table' lookup failed: %s"), err_str);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* No plugins! */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("Unable to load requested database module '%s': plugin symbol 'kdb_function_table' not found"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(&(*lib)->vftabl, vftabl_addrs[0], sizeof(kdb_vftabl));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* ERROR. library not initialized cleanly */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (vftabl_addrs != NULL) { krb5int_free_plugin_dir_data (vftabl_addrs); }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Both of these DTRT with NULL. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#endif /* end of _KDB5_STATIC_LINK */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkdb_find_library(krb5_context kcontext, char *lib_name, db_library * lib)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* lock here so that no two threads try to do the same at the same time */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* module not found. create and add to list */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* prev_elt points to the last element in the list */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* close the library */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* first element in the list */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = calloc((size_t) 1, sizeof(kdb5_dal_handle));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf kdb_free_library(((kdb5_dal_handle *) kcontext->db_context)->
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfget_errmsg (krb5_context kcontext, krb5_error_code err_code)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf const char *e;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Must be called with dal_handle->lib_handle locked! */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (dal_handle->lib_handle->vftabl.errcode_2_string == NULL)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf e = dal_handle->lib_handle->vftabl.errcode_2_string(kcontext, err_code);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (dal_handle->lib_handle->vftabl.release_errcode_string)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.release_errcode_string(kcontext, e);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * External functions... DAL API
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_open(krb5_context kcontext, char **db_args, int mode)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("unable to determine configuration section for realm %s\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf kcontext->default_realm ? kcontext->default_realm : "[UNSET]");
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
7c64d3750da7fda7e450b8f9b0b963905ded6379mp /* Solaris Kerberos */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.init_module(kcontext, section, db_args,
7c64d3750da7fda7e450b8f9b0b963905ded6379mp /* Solaris Kerberos */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ((kdb5_dal_handle *) kcontext->db_context)->db_context);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("unable to determine configuration section for realm %s\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_create(kcontext, section, db_args);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* module not loaded. So nothing to be done */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.fini_module(kcontext);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("unable to determine configuration section for realm %s\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_destroy(kcontext, section, db_args);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_get_age(krb5_context kcontext, char *db_name, time_t * t)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_get_age(kcontext, db_name, t);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_set_option(krb5_context kcontext, int option, void *value)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_set_option(kcontext, option, value);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* acquire an exclusive lock, ensures no other thread uses this context */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, TRUE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_lock(kcontext, lock_mode);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* exclusive lock is still held, so no other thread could use this context */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* normal lock acquired and exclusive lock released */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_unlock(kcontext);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_get_principal_nolock(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_free_principal(kcontext, entry,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Giving db_args as part of tl data causes, db2 to store the
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tl_data as such. To prevent this, tl_data is collated and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf passed as a sepearte argument. Currently supports only one
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf principal. but passing it as a seperate argument makes it
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf difficult for kadmin remote to pass arguments to server. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Since this is expected to be NULL terminated string and
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf this could come from any client, do a check before
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf passing it to db. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (((char *) curr->tl_data_contents)[curr->tl_data_length - 1] !=
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* not null terminated. Dangerous input */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf t = realloc(db_args, sizeof(char *) * (db_args_size + 1)); /* 1 for NULL */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (t == NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf db_args[db_args_size - 1] = (char *) curr->tl_data_contents;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* current node is the first in the linked list. remove it */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* previous does not change */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_put_principal(kcontext, entries,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_delete_principal(kcontext,
2dd2efa5a06a9befe46075cf41e16f57533c9f98willf /* Solaris Kerberos: adding support for db_args */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
2dd2efa5a06a9befe46075cf41e16f57533c9f98willf /* Solaris Kerberos: adding support for db_args */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_iterate(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_supported_realms(krb5_context kcontext, char **realms)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_supported_realms(kcontext, realms);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_free_supported_realms(krb5_context kcontext, char **realms)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_free_supported_realms(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.set_master_key(kcontext, pwd, key);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_set_mkey(krb5_context context, krb5_keyblock * key)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return krb5_db_set_master_key_ext(context, NULL, key);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Lets use temp key and copy it later to avoid memory problems
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf when freed by the caller. */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.get_master_key(kcontext, key);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.store_master_key(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((retval = krb5_read_password(context, krb5_mkey_pwd_prompt1,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf retval = krb5_principal2salt(context, mname, &scratch);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_c_string_to_key(context, etype, &pwd, salt ? salt : &scratch,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf retval = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#if 0 /************** Begin IFDEF'ed OUT *******************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Orig MIT */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Solaris Kerberos: need to use etype */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#endif /**************** END IFDEF'ed OUT *******************************/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf retval = dal_handle->lib_handle->vftabl.fetch_master_key(context,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(key->contents, tmp_key.contents, tmp_key.length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.verify_master_key(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_alloc(krb5_context kcontext, void *ptr, size_t size)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf new_ptr = dal_handle->lib_handle->vftabl.db_alloc(kcontext, ptr, size);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_free(kcontext, ptr);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* has to be modified */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return krb5_dbe_search_enctype(kcontext, dbentp, &start, ktype, stype,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.dbe_search_enctype(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf const char *keyname,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf const char *realm,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf fname = malloc(keylen + rlen + strlen(REALM_SEP_STRING) + 1);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((retval = krb5_parse_name(context, fname, principal)))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/*ARGSUSED*/
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* if the requested record isn't found, return zero bytes.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * if it ever means something to have a zero-length tl_data,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this code and its callers will have to be changed */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf (krb5_key_data *) krb5_db_alloc(context, entry->key_data,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((retval = krb5_unparse_name(context, mod_princ, &unparse_mod_princ)))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Mod Date */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Mod Princ */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(nextloc + 4, unparse_mod_princ, unparse_mod_princ_size);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf retval = krb5_dbe_update_tl_data(context, entry, &tl_data);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf (tl_data.tl_data_contents[tl_data.tl_data_length - 1] != '\0'))
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Mod Date */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Mod Princ */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_octet buf[4]; /* this is the encoded size of an int32 */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (krb5_dbe_update_tl_data(context, entry, &tl_data));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* copy the new data first, so we can fail cleanly if malloc()
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Find an existing entry of the specified type and point at
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * it, or NULL if not found */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tl_data->tl_data_type == new_tl_data->tl_data_type)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* if necessary, chain a new record in the beginning and point at it */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* fill in the record */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tl_data->tl_data_length = new_tl_data->tl_data_length;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(tmp, new_tl_data->tl_data_contents, tl_data->tl_data_length);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (0);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* change password functions */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf int new_kvno, krb5_boolean keepold, krb5_db_entry * db_entry)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_change_pwd(kcontext,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/* policy management functions */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_create_policy(kcontext, policy);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_get_policy(kcontext, name, policy,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_put_policy(kcontext, policy);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_iter_policy(krb5_context kcontext, char *match_entry,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_iter_policy(kcontext, match_entry,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_delete_policy(krb5_context kcontext, char *policy)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = dal_handle->lib_handle->vftabl.db_delete_policy(kcontext, policy);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_free_policy(krb5_context kcontext, osa_policy_ent_t policy)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.db_free_policy(kcontext, policy);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf gettext("unable to determine configuration section for realm %s\n"),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle->lib_handle->vftabl.promote_db(kcontext, section, db_args);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Solaris Kerberos: support for iprop
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Not all KDB plugins support iprop.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * sets iprop_supported to 1 if iprop supportd, 0 otherwise.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_db_supports_iprop(krb5_context kcontext, int *iprop_supported)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *) kcontext->db_context;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);