diff options
author | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2009-01-03 23:19:42 +0000 |
commit | 0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d (patch) | |
tree | 2049c9c2cb135fe36b14c0a171711259258d18ec /src/lib/kdb/kdb5.c | |
parent | ff0a6514c9f4230938c29922d69cbd4e83691adf (diff) | |
download | krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.zip krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.gz krb5-0ba5ccd7bb3ea15e44a87f84ca6feed8890f657d.tar.bz2 |
Merge mskrb-integ onto trunk
The mskrb-integ branch includes support for the following projects:
Projects/Aliases
* Projects/PAC and principal APIs
* Projects/AEAD encryption API
* Projects/GSSAPI DCE
* Projects/RFC 3244
In addition, it includes support for enctype negotiation, and a variety of GSS-API extensions.
In the KDC it includes support for protocol transition, constrained delegation
and a new authorization data interface.
The old authorization data interface is also supported.
This commit merges the mskrb-integ branch on to the trunk.
Additional review and testing is required.
Merge commit 'mskrb-integ' into trunk
ticket: new
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21690 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb/kdb5.c')
-rw-r--r-- | src/lib/kdb/kdb5.c | 168 |
1 files changed, 166 insertions, 2 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index d6c9167..e76ebe9 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -223,6 +223,14 @@ kdb_setup_opt_functions(db_library lib) if (lib->vftabl.promote_db == NULL) { lib->vftabl.promote_db = krb5_def_promote_db; } + + if (lib->vftabl.dbekd_decrypt_key_data == NULL) { + lib->vftabl.dbekd_decrypt_key_data = krb5_dbekd_def_decrypt_key_data; + } + + if (lib->vftabl.dbekd_encrypt_key_data == NULL) { + lib->vftabl.dbekd_encrypt_key_data = krb5_dbekd_def_encrypt_key_data; + } } static int kdb_db2_pol_err_loaded = 0; @@ -898,7 +906,7 @@ krb5_db_get_principal(krb5_context kcontext, } status = - dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, + dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, 0, entries, nentries, more); get_errmsg(kcontext, status); @@ -909,6 +917,40 @@ krb5_db_get_principal(krb5_context kcontext, } krb5_error_code +krb5_db_get_principal_ext(krb5_context kcontext, + krb5_const_principal search_for, + unsigned int flags, + krb5_db_entry * entries, + int *nentries, krb5_boolean * more) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.db_get_principal(kcontext, search_for, + flags, + entries, nentries, + more); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + +krb5_error_code krb5_db_free_principal(krb5_context kcontext, krb5_db_entry * entry, int count) { krb5_error_code status = 0; @@ -1110,7 +1152,7 @@ krb5_db_put_principal(krb5_context kcontext, upd->kdb_princ_name.utf8str_t_val = princ_name; upd->kdb_princ_name.utf8str_t_len = strlen(princ_name); - if ((status = ulog_add_update(kcontext, upd))) + if ((status = ulog_add_update(kcontext, upd)) != 0) goto err_lock; upd++; } @@ -2164,3 +2206,125 @@ krb5_db_promote(krb5_context kcontext, char **db_args) return status; } +krb5_error_code +krb5_dbekd_decrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_key_data * key_data, + krb5_keyblock * dbkey, + krb5_keysalt * keysalt) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.dbekd_decrypt_key_data(kcontext, + mkey, key_data, dbkey, keysalt); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + +krb5_error_code +krb5_dbekd_encrypt_key_data( krb5_context kcontext, + const krb5_keyblock * mkey, + const krb5_keyblock * dbkey, + const krb5_keysalt * keysalt, + int keyver, + krb5_key_data * key_data) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext, + mkey, dbkey, keysalt, keyver, key_data); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + +krb5_error_code +krb5_db_get_context(krb5_context context, void **db_context) +{ + *db_context = KRB5_DB_GET_DB_CONTEXT(context); + if (*db_context == NULL) { + return KRB5_KDB_DBNOTINITED; + } + + return 0; +} + +krb5_error_code +krb5_db_set_context(krb5_context context, void *db_context) +{ + KRB5_DB_GET_DB_CONTEXT(context) = db_context; + + return 0; +} + +krb5_error_code +krb5_db_invoke(krb5_context kcontext, + unsigned int method, + const krb5_data *req, + krb5_data *rep) +{ + krb5_error_code status = 0; + kdb5_dal_handle *dal_handle; + + if (kcontext->dal_handle == NULL) { + status = kdb_setup_lib_handle(kcontext); + if (status) { + goto clean_n_exit; + } + } + + dal_handle = kcontext->dal_handle; + if (dal_handle->lib_handle->vftabl.db_invoke == NULL) { + status = KRB5_KDB_DBTYPE_NOSUP; + goto clean_n_exit; + } + + status = kdb_lock_lib_lock(dal_handle->lib_handle, FALSE); + if (status) { + goto clean_n_exit; + } + + status = + dal_handle->lib_handle->vftabl.db_invoke(kcontext, + method, + req, + rep); + kdb_unlock_lib_lock(dal_handle->lib_handle, FALSE); + + clean_n_exit: + return status; +} + |