/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
* Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
*
* $Header$
*/
/*
*/
/*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
* Openvision retains the copyright to derivative works of
* this source code. Do *NOT* create a derivative of this
* source code before consulting with your legal department.
* Do *NOT* integrate *ANY* of this source code into another
* product before consulting with your legal department.
*
* For further information, read the top-level Openvision
* copyright which is contained in the top-level MIT Kerberos
* copyright.
*
* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
*
*/
#if !defined(lint) && !defined(__CODECENTER__)
#endif
#include <stdio.h>
#include <stdlib.h>
#include "k5-int.h"
#include "server_internal.h"
/* much of this code is stolen from the kdc. there should be some
library code to deal with this. */
char *r, int from_keyboard)
{
/*
 * Master-key initialisation path.
 * NOTE(review): the function name, the start of the parameter list and most
 * call expressions are absent from this listing, so the notes below cover
 * only the control flow that is visible.
 */
int ret = 0;
char *realm;
/* NOTE(review): the statement controlled by from_keyboard is not shown; as
 * printed, this `if` governs the realm selection that follows -- confirm. */
if (from_keyboard)
/* A caller-supplied realm is used as-is.  With r == NULL the visible code
 * returns ret; presumably a default-realm lookup belongs in this branch --
 * verify against the full file. */
if (r == NULL) {
return ret;
} else {
realm = r;
}
goto done;
/*
* Fetch the local mkey, may not be the latest but that's okay because we
* really want the list of all mkeys and those can be retrieved with any
* valid mkey.
*/
FALSE /* only prompt once */,
&mkvno /* get the kvno of the returned mkey */,
NULL /* I'm not sure about this,
but it's what the kdc does --marc */,
if (ret)
goto done;
#if 0 /************** Begin IFDEF'ed OUT *******************************/
/*
* krb5_db_fetch_mkey_list will verify mkey so don't call
* krb5_db_verify_master_key()
*/
IGNORE_VNO, &master_keyblock))) {
return ret;
}
#endif /**************** END IFDEF'ed OUT *******************************/
&master_keyblock))) {
return (ret);
}
&active_mkey_list))) {
return (ret);
}
/* NOTE(review): the two failure returns above leave the function directly
 * instead of jumping to done:, so whatever done: releases when r == NULL is
 * skipped on those paths.  Confirm nothing is leaked, and that any key
 * material already stored through &master_keyblock (presumably the master
 * key) is not left behind after a failure. */
done:
/* NOTE(review): the statement guarded here is not shown; presumably it frees
 * a realm string this function obtained itself -- verify. */
if (r == NULL)
return(ret);
}
/*
* Function: kdb_init_hist
*
* Purpose: Initializes the global history variables.
*
* Arguments:
*
* handle (r) kadm5 api server handle
* r (r) realm of history principal to use, or NULL
*
* Effects: This function sets the value of the hist_princ global variable. If
* the history principal does not already exist, this function attempts to
* create it with kadm5_create_principal.
*/
{
/*
 * History-principal setup: look the principal up and create it when missing.
 * NOTE(review): the signature, the declarations and the call expressions
 * are absent from this listing; only the visible control flow is annotated.
 */
int ret = 0;
/* A caller-supplied realm is used as-is; the r == NULL branch as printed
 * only returns ret -- presumably a default-realm lookup is missing here. */
if (r == NULL) {
return ret;
} else {
realm = r;
}
goto done;
}
goto done;
/* Only an "unknown principal" status continues to the creation path; every
 * other status, success included, leaves through done:. */
if (ret != KADM5_UNK_PRINC)
goto done;
/* Create the history principal. */
/* NOTE(review): with attributes = 0 the lines shown put no restriction flag
 * (for example KRB5_KDB_DISALLOW_ALL_TIX) on this internal principal;
 * confirm that ticket issuance for it is blocked somewhere else. */
ent.attributes = 0;
if (ret)
goto done;
/* For better compatibility with pre-1.8 libkadm5 code, we want the
* initial history kvno to be 2, so re-randomize it. */
if (ret)
goto done;
} else {
}
done:
/* NOTE(review): the statement guarded here is not shown; presumably it
 * releases a realm obtained locally -- verify. */
if (r == NULL)
return ret;
}
/*
* Function: kdb_get_hist_key
*
* Purpose: Fetches the current history key
*
* Arguments:
*
* handle (r) kadm5 api server handle
* hist_keyblock (w) keyblock to fill in with history key
* hist_kvno (w) kvno to fill in with history kvno
*
* Effects: This function looks up the history principal and retrieves the
* current history key and version.
*/
{
/*
 * Looks up the history entry and extracts its current key.
 * NOTE(review): the signature, declarations and call expressions are not
 * part of this listing.
 */
/* The first failure returns directly; later failures go through done:.
 * NOTE(review): the cleanup at done: is not shown -- presumably it releases
 * the fetched entry. */
if (ret)
return ret;
/* An entry without key data is rejected with an explicit message before any
 * key is used.  NOTE(review): the assignment that gives ret a non-zero value
 * on this path is not visible; confirm one exists, otherwise an empty entry
 * would be reported to the caller as success. */
if (kdb.n_key_data <= 0) {
"History entry contains no key data");
goto done;
}
if (ret)
goto done;
if (ret)
goto done;
done:
return ret;
}
/*
* Function: kdb_get_entry
*
* Purpose: Gets an entry from the kerberos database and breaks
* it out into a krb5_db_entry and an osa_princ_ent_t.
*
* Arguments:
*
* handle (r) the server_handle
* principal (r) the principal to get
* kdb (w) krb5_db_entry to fill in
* adb (w) osa_princ_ent_rec to fill in
*
* when the caller is done with kdb and adb, kdb_free_entry must be
* called to release them. The adb record is filled in with the
* contents of the KRB5_TL_KADM_DATA record; if that record doesn't
* exist, an empty but valid adb record is returned.
*/
{
/*
 * Fetches one principal entry and, when adb is non-NULL, unpacks its admin
 * record.  NOTE(review): the signature, most declarations and the lookup and
 * decode calls are absent from this listing.
 */
int nprincs;
&more);
if (ret)
return(ret);
/* More than one match is reported as KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE and
 * anything other than exactly one match as KADM5_UNK_PRINC, so the caller
 * never continues with an ambiguous or absent entry.
 * NOTE(review): whether the fetched entry is released before these returns
 * is not visible here -- confirm. */
if (more) {
return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
} else if (nprincs != 1) {
return(KADM5_UNK_PRINC);
}
/* The admin record is only unpacked when the caller supplied adb. */
if (adb) {
/*
* XXX Currently, lookup_tl_data always returns zero; it sets
* tl_data->tl_data_length to zero if the type isn't found.
* This should be fixed...
*/
|| (tl_data.tl_data_length == 0)) {
/* there's no admin data. this can happen, if the admin
server is put into production after some principals
are created. In this case, return valid admin
data (which is all zeros with the hist_kvno filled
in), and when the entry is written, the admin
data will get stored correctly. */
return(ret);
}
/* NOTE(review): the decode call itself is not shown.  The bytes decoded come
 * from the stored KRB5_TL_KADM_DATA record, so a decode failure has to stop
 * processing; the visible code does that by returning KADM5_XDR_FAILURE.
 * xdr_destroy runs on both the failure and the success path. */
/* Solaris Kerberos - add cast */
xdr_destroy(&xdrs);
return(KADM5_XDR_FAILURE);
}
xdr_destroy(&xdrs);
}
return(0);
}
/*
* Function: kdb_free_entry
*
* Purpose: frees the resources allocated by kdb_get_entry
*
* Arguments:
*
* handle (r) the server_handle
* kdb (w) krb5_db_entry to free
* adb (w) osa_princ_ent_rec to free
*
* when the caller is done with kdb and adb, kdb_free_entry must be
* called to release them.
*/
{
/*
 * Releases what kdb_get_entry handed out.
 * NOTE(review): the signature, the declaration of xdrs and the release calls
 * are absent from this listing.
 */
/* NOTE(review): the call guarded by `if (kdb)` is not shown; as printed the
 * adb branch nests under it -- confirm against the full file. */
if (kdb)
if (adb) {
/* Presumably an XDR stream is set up and used to free adb's members before
 * this point (not shown); xdr_destroy then tears the stream down. */
xdr_destroy(&xdrs);
}
/* Success is reported on every visible path. */
return(0);
}
/*
* Function: kdb_put_entry
*
* Purpose: Stores the osa_princ_ent_t and krb5_db_entry into the
* database.
*
* Arguments:
*
* handle (r) the server_handle
* kdb (r/w) the krb5_db_entry to store
* adb (r) the osa_princ_db_ent to store
*
* Effects:
*
* The last modifier field of the kdb is set to the caller and the current time.
* adb is encoded with xdr_osa_princ_ent_rec and stored in kdb as
* KRB5_TL_KADM_DATA. kdb is then written to the database.
*/
{
/*
 * Encodes adb, attaches it to kdb and writes kdb to the database.
 * NOTE(review): the signature, most declarations and every call expression
 * are absent from this listing; the notes cover the visible flow only.
 */
int one;
/* Each step's status is checked and returned to the caller immediately. */
if (ret)
return(ret);
if (ret)
return(ret);
/* Encode failure: tear the stream down, then report KADM5_XDR_FAILURE. */
xdr_destroy(&xdrs);
return(KADM5_XDR_FAILURE);
}
/* Solaris Kerberos - add cast */
/* The stream is destroyed before the status check below, so the error return
 * does not leave it allocated. */
xdr_destroy(&xdrs);
if (ret)
return(ret);
/* NOTE(review): the use of `one` is not shown; presumably it is the entry
 * count passed to the store call. */
one = 1;
/* we are always updating TL data */
if (ret)
return(ret);
return(0);
}
{
/* NOTE(review): the signature and the call that sets ret are absent from
 * this listing; only the return of that status is visible. */
return ret;
}
/*
 * Record type behind the iter_data alias.
 * NOTE(review): only one member is visible in this listing; the full
 * definition may carry more -- confirm before relying on its size.
 */
struct _iter_data {
    void *data; /* untyped pointer; how it is used is not shown here */
};

typedef struct _iter_data iter_data;
static krb5_error_code
{
/* NOTE(review): the function name, its parameters and the rest of the body
 * are absent from this listing; only the unconditional success return is
 * visible. */
return(0);
}
{
/* NOTE(review): the signature and the call that sets ret are absent from
 * this listing.  A failure status is passed back to the caller unchanged;
 * otherwise 0 is returned. */
/* Solaris Kerberos - add 5th arg */
if (ret)
return(ret);
return(0);
}