authorSam Hartman <hartmans@mit.edu>2009-01-03 23:19:42 +0000
committerSam Hartman <hartmans@mit.edu>2009-01-03 23:19:42 +0000
commit0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch)
tree2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/kdb/kdb5.c
parentff0a6514c9f4230938c29922d69cbd4e83691adf (diff)
Merge mskrb-integ onto trunk
The mskrb-integ branch includes support for the following projects: Projects/Aliases * Projects/PAC and principal APIs * Projects/AEAD encryption API * Projects/GSSAPI DCE * Projects/RFC 3244 In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions. In the KDC it includes support for protocol transition, constrained delegation and a new authorization data interface. The old authorization data interface is also supported. This commit merges the mskrb-integ branch on to the trunk. Additional review and testing is required. Merge commit 'mskrb-integ' into trunk ticket: new status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/kdb5.c')
-rw-r--r--src/lib/kdb/kdb5.c168
1 files changed, 166 insertions, 2 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index d6c9167..e76ebe9 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -223,6 +223,14 @@ kdb_setup_opt_functions(db_library lib)
if (lib->vftabl.promote_db == NULL) {
lib->vftabl.promote_db = krb5_def_promote_db;
}
+
+ if (lib->vftabl.dbekd_decrypt_key_data == NULL) {
+ lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data;
+ }
+
+ if (lib->vftabl.dbekd_encrypt_key_data == NULL) {
+ lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data;
+ }
}
static int kdb_db2_pol_err_loaded = 0;
@@ -898,7 +906,7 @@ krb5_db_get_principal(krb5_context kcontext,
}
status =
- dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for,
+ dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 0,
entries, nentries,
more);
get_errmsg(kcontext, status);
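Review bot: The `db_get_principal` vtable slot gains a new argument in the middle of its parameter list here, and nothing in this file's diff shows the plugin interface version being raised to match. A database module built against the old signature would presumably still load and then read `entries`, `nentries` and `more` from shifted argument positions, so the load path should reject modules that report the old version. That check, if it exists, is outside this file's diff and is worth confirming. The bare `0` would also read better with a short comment such as `/* no lookup flags */`. krb5_db_get_principal begins and ends outside this hunk.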
@@ -909,6 +917,40 @@ krb5_db_get_principal(krb5_context kcontext,
}
krb5_error_code
+krb5_db_get_principal_ext(krb5_context kcontext,
+ krb5_const_principal search_for,
+ unsigned int flags,
+ krb5_db_entry * entries,
+ int *nentries, krb5_boolean * more)
+{
+ krb5_error_code status = 0;
+ kdb5_dal_handle *dal_handle;
+
+ if (kcontext->dal_handle == NULL) {
+ status = kdb_setup_lib_handle(kcontext);
+ if (status) {
+ goto clean_n_exit;
+ }
+ }
+
+ dal_handle = kcontext->dal_handle;
+ status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
+ if (status) {
+ goto clean_n_exit;
+ }
+
+ status =
+ dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for,
+ flags,
+ entries, nentries,
+ more);
+ kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
+
+ clean_n_exit:
+ return status;
+}
+
+krb5_error_code
krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count)
{
krb5_error_code status = 0;
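Review bot: krb5_db_get_principal_ext never calls `get_errmsg(kcontext, status);` after the vtable call, although krb5_db_get_principal does so for the same backend entry point (visible in the previous hunk). A failure reported through the _ext path therefore presumably loses whatever extended error text the database module supplied. Adding `get_errmsg(kcontext, status);` directly after the `db_get_principal(...)` call, before `kdb_unlock_lib_lock`, would bring the two wrappers into line. The same omission is present in krb5_dbekd_decrypt_key_data, krb5_dbekd_encrypt_key_data and krb5_db_invoke in the final hunk.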
@@ -1110,7 +1152,7 @@ krb5_db_put_principal(krb5_context kcontext,
upd->kdb_princ_name.utf8str_t_val = princ_name;
upd->kdb_princ_name.utf8str_t_len = strlen(princ_name);
- if ((status = ulog_add_update(kcontext, upd)))
+ if ((status = ulog_add_update(kcontext, upd)) != 0)
goto err_lock;
upd++;
}
@@ -2164,3 +2206,125 @@ krb5_db_promote(krb5_context kcontext, char **db_args)
return status;
}
+krb5_error_code
+krb5_dbekd_decrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_key_data * key_data,
+ krb5_keyblock * dbkey,
+ krb5_keysalt * keysalt)
+{
+ krb5_error_code status = 0;
+ kdb5_dal_handle *dal_handle;
+
+ if (kcontext->dal_handle == NULL) {
+ status = kdb_setup_lib_handle(kcontext);
+ if (status) {
+ goto clean_n_exit;
+ }
+ }
+
+ dal_handle = kcontext->dal_handle;
+ status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
+ if (status) {
+ goto clean_n_exit;
+ }
+
+ status =
+ dal_handle->lib_handle->vftabl.dbekd_decrypt_key_data(kcontext,
+ mkey, key_data, dbkey, keysalt);
+ kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
+
+ clean_n_exit:
+ return status;
+}
+
+krb5_error_code
+krb5_dbekd_encrypt_key_data( krb5_context kcontext,
+ const krb5_keyblock * mkey,
+ const krb5_keyblock * dbkey,
+ const krb5_keysalt * keysalt,
+ int keyver,
+ krb5_key_data * key_data)
+{
+ krb5_error_code status = 0;
+ kdb5_dal_handle *dal_handle;
+
+ if (kcontext->dal_handle == NULL) {
+ status = kdb_setup_lib_handle(kcontext);
+ if (status) {
+ goto clean_n_exit;
+ }
+ }
+
+ dal_handle = kcontext->dal_handle;
+ status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
+ if (status) {
+ goto clean_n_exit;
+ }
+
+ status =
+ dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext,
+ mkey, dbkey, keysalt, keyver, key_data);
+ kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
+
+ clean_n_exit:
+ return status;
+}
+
+krb5_error_code
+krb5_db_get_context(krb5_context context, void **db_context)
+{
+ *db_context = KRB5_DB_GET_DB_CONTEXT(context);
+ if (*db_context == NULL) {
+ return KRB5_KDB_DBNOTINITED;
+ }
+
+ return 0;
+}
+
+krb5_error_code
+krb5_db_set_context(krb5_context context, void *db_context)
+{
+ KRB5_DB_GET_DB_CONTEXT(context) = db_context;
+
+ return 0;
+}
+
+krb5_error_code
+krb5_db_invoke(krb5_context kcontext,
+ unsigned int method,
+ const krb5_data *req,
+ krb5_data *rep)
+{
+ krb5_error_code status = 0;
+ kdb5_dal_handle *dal_handle;
+
+ if (kcontext->dal_handle == NULL) {
+ status = kdb_setup_lib_handle(kcontext);
+ if (status) {
+ goto clean_n_exit;
+ }
+ }
+
+ dal_handle = kcontext->dal_handle;
+ if (dal_handle->lib_handle->vftabl.db_invoke == NULL) {
+ status = KRB5_KDB_DBTYPE_NOSUP;
+ goto clean_n_exit;
+ }
+
+ status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE);
+ if (status) {
+ goto clean_n_exit;
+ }
+
+ status =
+ dal_handle->lib_handle->vftabl.db_invoke(kcontext,
+ method,
+ req,
+ rep);
+ kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE);
+
+ clean_n_exit:
+ return status;
+}
+
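Review bot: krb5_db_get_context and krb5_db_set_context use `KRB5_DB_GET_DB_CONTEXT(context)` without the `kcontext->dal_handle == NULL` guard that every other wrapper added in this hunk performs first. The macro is defined outside this diff, but since it is assigned to as an lvalue it presumably reaches through `context->dal_handle`. If so, a call made before the library handle is set up would dereference a null pointer rather than return KRB5_KDB_DBNOTINITED. A guard at the top of both functions, `if (context->dal_handle == NULL) return KRB5_KDB_DBNOTINITED;`, would make that failure explicit. A one-line comment on krb5_db_invoke would also help, stating that `method` and `req` are passed to the backend unvalidated, so each module must bounds-check them itself.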