Diffstat (limited to 'src/lib/kadm5')
39 files changed, 973 insertions, 1327 deletions
diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog index 96b6dbc..cb3f14b 100644 --- a/src/lib/kadm5/ChangeLog +++ b/src/lib/kadm5/ChangeLog @@ -1,3 +1,16 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * adb_err.et: + * admin.h: + * admin_xdr.h: + * kadm_err.et: + * kadm_rpc.h: + * kadm_rpc_xdr.c: + * ovsec_glue.c: + * server_internal.h: + 2005-04-19 Ken Raeburn <raeburn@mit.edu> * configure.in: Don't invoke AC_CANONICAL_HOST explicitly, diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in index 79847e9..fe8384c 100644 --- a/src/lib/kadm5/Makefile.in +++ b/src/lib/kadm5/Makefile.in @@ -7,20 +7,16 @@ LOCAL_SUBDIRS = clnt srv unit-test ##DOSBUILDTOP = ..\.. kadm_err.$(OBJEXT): kadm_err.c -adb_err.$(OBJEXT): adb_err.c chpass_util_strings.$(OBJEXT): chpass_util_strings.c kadm_err.c kadm_err.h: $(srcdir)/kadm_err.et -adb_err.c adb_err.h: $(srcdir)/adb_err.et chpass_util_strings.c chpass_util_strings.h: $(srcdir)/chpass_util_strings.et clean:: $(RM) kadm_err.c kadm_err.h kadm_err.o - $(RM) adb_err.c adb_err.h adb_err.o $(RM) chpass_util_strings.c chpass_util_strings.h chpass_util_strings.o SRCS = kadm_err.c \ - adb_err.c \ chpass_util_strings.c \ $(srcdir)/ovsec_glue.c \ $(srcdir)/misc_free.c \ @@ -31,7 +27,6 @@ SRCS = kadm_err.c \ $(srcdir)/logger.c OBJS = kadm_err.$(OBJEXT) \ - adb_err.$(OBJEXT) \ chpass_util_strings.$(OBJEXT) \ ovsec_glue.$(OBJEXT) \ misc_free.$(OBJEXT) \ @@ -43,7 +38,6 @@ OBJS = kadm_err.$(OBJEXT) \ STLIBOBJS = \ kadm_err.o \ - adb_err.o \ chpass_util_strings.o \ ovsec_glue.o \ misc_free.o \ 
@@ -54,18 +48,16 @@ STLIBOBJS = \ logger.o HDRDIR=$(BUILDTOP)/include/kadm5 -HDRS = $(HDRDIR)/adb.h \ - $(HDRDIR)/admin.h \ +HDRS = $(HDRDIR)/admin.h \ $(HDRDIR)/admin_internal.h \ $(HDRDIR)/admin_xdr.h \ $(HDRDIR)/kadm_rpc.h \ $(HDRDIR)/server_internal.h \ - $(HDRDIR)/adb_err.h \ $(HDRDIR)/chpass_util_strings.h \ $(HDRDIR)/kadm_err.h -BUILD_HDRS = adb_err.h chpass_util_strings.h kadm_err.h -SRC_HDRS = adb.h admin.h admin_internal.h admin_xdr.h kadm_rpc.h \ +BUILD_HDRS = chpass_util_strings.h kadm_err.h +SRC_HDRS = admin.h admin_internal.h admin_xdr.h kadm_rpc.h \ server_internal.h $(HDRS): includes @@ -112,8 +104,6 @@ clean-windows:: # kadm_err.so kadm_err.po $(OUTPRE)kadm_err.$(OBJEXT): \ kadm_err.c $(COM_ERR_DEPS) -adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): adb_err.c \ - $(COM_ERR_DEPS) chpass_util_strings.so chpass_util_strings.po $(OUTPRE)chpass_util_strings.$(OBJEXT): \ chpass_util_strings.c $(COM_ERR_DEPS) ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ @@ -130,7 +120,7 @@ ovsec_glue.so ovsec_glue.po $(OUTPRE)ovsec_glue.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ misc_free.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ 
@@ -145,9 +135,8 @@ misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - server_internal.h $(SRCTOP)/include/krb5/kdb.h admin_internal.h \ - adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h admin_internal.h kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ kadm_rpc_xdr.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ @@ -162,9 +151,10 @@ kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ chpass_util.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ 
@@ -179,8 +169,7 @@ chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h admin_internal.h alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ alt_prof.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ @@ -196,8 +185,7 @@ alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(SRCTOP)/include/krb5/adm_proto.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ str_conv.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ 
@@ -213,8 +201,8 @@ str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(SRCTOP)/include/krb5/adm_proto.h logger.so logger.po $(OUTPRE)logger.$(OBJEXT): logger.c \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ diff --git a/src/lib/kadm5/adb_err.et b/src/lib/kadm5/adb_err.et deleted file mode 100644 index 3948025..0000000 --- a/src/lib/kadm5/adb_err.et +++ /dev/null @@ -1,16 +0,0 @@ -error_table adb -error_code OSA_ADB_NOERR, "No Error" -error_code OSA_ADB_DUP, "Principal or policy already exists" -error_code OSA_ADB_NOENT, "Principal or policy does not exist" -error_code OSA_ADB_DBINIT, "Database not initialized" -error_code OSA_ADB_BAD_POLICY, "Invalid policy name" -error_code OSA_ADB_BAD_PRINC, "Invalid principal name" -error_code OSA_ADB_BAD_DB, "Database inconsistency detected" -error_code OSA_ADB_XDR_FAILURE, "XDR encoding error" -error_code OSA_ADB_FAILURE, "Failure!" -error_code OSA_ADB_BADLOCKMODE, "Bad lock mode" -error_code OSA_ADB_CANTLOCK_DB, "Cannot lock database" -error_code OSA_ADB_NOTLOCKED, "Database not locked" -error_code OSA_ADB_NOLOCKFILE, "KADM5 administration database lock file missing" -error_code OSA_ADB_NOEXCL_PERM, "Insufficient permission to lock file" -end diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 4051601..a70e90b 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h 
@@ -43,7 +43,6 @@ #include <k5-int.h> #include <com_err.h> #include <kadm5/kadm_err.h> -#include <kadm5/adb_err.h> #include <kadm5/chpass_util_strings.h> #define KADM5_ADMIN_SERVICE "kadmin/admin" @@ -204,11 +203,6 @@ typedef struct _kadm5_policy_ent_t { long policy_refcnt; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; -typedef struct __krb5_key_salt_tuple { - krb5_enctype ks_enctype; - krb5_int32 ks_salttype; -} krb5_key_salt_tuple; - /* * Data structure returned by kadm5_get_config_params() */ @@ -304,6 +298,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, @@ -315,6 +310,7 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -326,6 +322,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, #endif krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #if USE_KADM5_API_VERSION > 1 kadm5_ret_t kadm5_init_with_creds(char *client_name, @@ -334,6 +331,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); #endif kadm5_ret_t kadm5_lock(void *server_handle); @@ -594,6 +592,7 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass, char *service_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass, 
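Review bot: The new `char **db_args` parameter on `kadm5_init`, `kadm5_init_with_password`, `kadm5_init_with_skey`, `kadm5_init_with_creds` and the `ovsec_kadm_init*` prototypes in admin.h is undocumented, and it is inserted ahead of `server_handle` rather than appended. The header should say what the array holds, whether it must be NULL-terminated, whether NULL is accepted and who owns the strings, for example `/* db_args: NULL or a NULL-terminated array of database options; borrowed, not freed by the library (confirm) */`. Because the argument list of exported functions changes with nothing visible here tying it to `api_version` or `struct_version`, a caller built against the previous header would pass its `void **server_handle` in the `db_args` position, which looks worth stating in the header or the ChangeLog entry.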
@@ -601,6 +600,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char ** db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, @@ -608,6 +608,7 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle); ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle); diff --git a/src/lib/kadm5/admin_xdr.h b/src/lib/kadm5/admin_xdr.h index 3055025..05d1a7e 100644 --- a/src/lib/kadm5/admin_xdr.h +++ b/src/lib/kadm5/admin_xdr.h @@ -7,6 +7,7 @@ #include <kadm5/admin.h> #include "kadm_rpc.h" +#include "server_internal.h" bool_t xdr_ui_4(XDR *xdrs, krb5_ui_4 *objp); bool_t xdr_nullstring(XDR *xdrs, char **objp); @@ -59,3 +60,5 @@ bool_t xdr_krb5_int32(XDR *xdrs, krb5_int32 *objp); bool_t xdr_krb5_enctype(XDR *xdrs, krb5_enctype *objp); bool_t xdr_krb5_salttype(XDR *xdrs, krb5_int32 *objp); bool_t xdr_krb5_keyblock(XDR *xdrs, krb5_keyblock *objp); +bool_t xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp); +bool_t xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp); diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog index fc2dfca..a296c1e 100644 --- a/src/lib/kadm5/clnt/ChangeLog +++ b/src/lib/kadm5/clnt/ChangeLog @@ -1,3 +1,14 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * client_init.c: + * client_principal.c: + * clnt_policy.c: + * clnt_privs.c: + * err_handle.c: + * err_handle.h: + 2005-02-11 Tom Yu <tlyu@mit.edu> * client_init.c (kadm5_get_init_creds, kadm5_gic_iter) diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in index f4ed9db..449d753 100644 --- a/src/lib/kadm5/clnt/Makefile.in +++ b/src/lib/kadm5/clnt/Makefile.in 
@@ -27,6 +27,7 @@ SRCS = $(srcdir)/clnt_policy.c \ $(srcdir)/client_principal.c \ $(srcdir)/client_init.c \ $(srcdir)/clnt_privs.c \ + $(srcdir)/err_handle.c \ $(srcdir)/clnt_chpass_util.c OBJS = \ @@ -35,6 +36,7 @@ OBJS = \ client_principal.$(OBJEXT) \ client_init.$(OBJEXT) \ clnt_privs.$(OBJEXT) \ + err_handle.$(OBJEXT) \ clnt_chpass_util.$(OBJEXT) STLIBOBJS = \ @@ -43,8 +45,11 @@ STLIBOBJS = \ client_principal.o \ client_init.o \ clnt_privs.o \ + err_handle.o \ clnt_chpass_util.o +err_handle.o : err_handle.h err_handle.c + all-unix:: includes all-unix:: all-liblinks all-windows:: $(OBJS) @@ -91,9 +96,9 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + err_handle.h client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ client_rpc.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ 
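Review bot: The hand-written `err_handle.o : err_handle.h err_handle.c` line in clnt/Makefile.in duplicates the generated dependency entry this commit also adds for `err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT)`, and it covers only the `.o` object. Unlike the `SRCS` entry `$(srcdir)/err_handle.c`, it names both files without `$(srcdir)/`, so in a build directory separate from the source tree it depends on a VPATH setting that is not visible in this hunk. I would drop the line and rely on the generated block.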
@@ -108,8 +113,7 @@ client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ client_principal.c $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -124,9 +128,9 @@ client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h err_handle.h client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ client_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ 
@@ -141,10 +145,10 @@ client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ - client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/auth_gssapi.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ + $(BUILDTOP)/include/gssrpc/auth_gssapi.h clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ clnt_privs.c $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ 
@@ -159,9 +163,17 @@ clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h \ + err_handle.h +err_handle.so err_handle.po $(OUTPRE)err_handle.$(OBJEXT): \ + err_handle.c err_handle.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ + $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/krb5/kdb.h clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ clnt_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ 
@@ -176,6 +188,5 @@ clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h client_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + client_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index f103154..cf5638e 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -65,6 +65,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle); static kadm5_ret_t @@ -99,11 +100,12 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_CREDS, NULL, ccache, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -113,11 +115,12 @@ kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } kadm5_ret_t kadm5_init(char *client_name, char *pass, 
@@ -125,11 +128,12 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_PASS, pass, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, @@ -137,11 +141,12 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return _kadm5_init_any(client_name, INIT_SKEY, keytab, NULL, service_name, params, struct_version, - api_version, server_handle); + api_version, db_args, server_handle); } static kadm5_ret_t _kadm5_init_any(char *client_name, @@ -152,6 +157,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, kadm5_config_params *params_in, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { struct sockaddr_in addr; @@ -168,7 +174,7 @@ static kadm5_ret_t _kadm5_init_any(char *client_name, generic_ret *r; initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); if (! server_handle) { diff --git a/src/lib/kadm5/clnt/client_principal.c b/src/lib/kadm5/clnt/client_principal.c index 972a7b3..eb22483 100644 --- a/src/lib/kadm5/clnt/client_principal.c +++ b/src/lib/kadm5/clnt/client_principal.c @@ -15,6 +15,7 @@ static char *rcsid = "$Header$"; #include <memory.h> #endif #include "client_internal.h" +#include "err_handle.h" #ifdef DEBUG #define eret() do { clnt_perror(handle->clnt, "null ret"); return KADM5_RPC_ERROR; } while (0) @@ -254,6 +255,11 @@ kadm5_get_principal(void *server_handle, memcpy(ent, &r->rec, sizeof(r->rec)); } + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } 
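Review bot: `/* initialize_adb_error_table(); */` in `_kadm5_init_any` leaves the removed call behind as commented-out code; since adb_err.et is deleted by this commit, the line can simply be removed. Separately, `db_args` is threaded through every `kadm5_init*` wrapper into `_kadm5_init_any`, but none of the lines visible in these hunks reads it. The function body continues outside the hunk, so if the client really ignores the argument, a one-line comment such as `/* db_args is unused by the client library; accepted so the signature matches the server library */` would stop readers hunting for a use.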
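Review bot: Every new `krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str )` call hands a pointer decoded from the server's reply to a function that `strncpy`s from it without a NULL check, and discards the `krb5_error_code` it returns. `err_str` is normally filled in by the XDR decode, but guarding the call costs little: `if (r->code && r->err_str) (void) krb5_set_err(handle->context, krb5_err_have_str, r->code, r->err_str);`. The text originates on the remote admin server and is later returned by `krb5_get_err_string` for display, so it should be treated as untrusted (control characters, misleading content) wherever it is printed or logged. The same pattern is repeated in `kadm5_get_principals`, `kadm5_randkey_principal_3`, `kadm5_randkey_principal`, the five functions in clnt_policy.c and `kadm5_get_privs`; a small shared helper would keep the check in one place. The enclosing functions start outside these hunks.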
@@ -282,6 +288,10 @@ kadm5_get_principals(void *server_handle, *princs = NULL; } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -483,6 +493,11 @@ kadm5_randkey_principal_3(void *server_handle, } } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } + return r->code; } @@ -531,6 +546,11 @@ kadm5_randkey_principal(void *server_handle, } } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } + return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_policy.c b/src/lib/kadm5/clnt/clnt_policy.c index 182b2d9e..55bef4a 100644 --- a/src/lib/kadm5/clnt/clnt_policy.c +++ b/src/lib/kadm5/clnt/clnt_policy.c @@ -14,6 +14,7 @@ static char *rcsid = "$Header$"; #include "client_internal.h" #include <stdlib.h> #include <string.h> +#include "err_handle.h" kadm5_ret_t kadm5_create_policy(void *server_handle, @@ -34,6 +35,11 @@ kadm5_create_policy(void *server_handle, r = create_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -55,6 +61,11 @@ kadm5_delete_policy(void *server_handle, char *name) r = delete_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -78,6 +89,11 @@ kadm5_modify_policy(void *server_handle, r = modify_policy_1(&arg, handle->clnt); if(r == NULL) return KADM5_RPC_ERROR; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } @@ -116,6 +132,10 @@ kadm5_get_policy(void *server_handle, char *name, kadm5_policy_ent_t ent) memcpy(ent, &r->rec, sizeof(r->rec)); } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } 
@@ -144,5 +164,9 @@ kadm5_get_policies(void *server_handle, *pols = NULL; } + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } diff --git a/src/lib/kadm5/clnt/clnt_privs.c b/src/lib/kadm5/clnt/clnt_privs.c index 0452f72..497feea 100644 --- a/src/lib/kadm5/clnt/clnt_privs.c +++ b/src/lib/kadm5/clnt/clnt_privs.c @@ -5,6 +5,15 @@ * $Source$ * * $Log$ + * Revision 1.3 2005/06/21 01:35:56 raeburn + * Novell Database Abstraction Layer merge. + * Will probably break things. + * + * Revision 1.2.26.1 2005/06/17 21:11:24 raeburn + * Initial checkin of Novell Database Abstraction Layer changes. + * Patches applied to 1.4.1 release code, updated to trunk, makefile dependencies + * deleted when they caused cvs merge conflicts. + * * Revision 1.2 1998/02/14 02:32:58 tlyu * * client_init.c: * * client_principal.c: @@ -65,6 +74,7 @@ static char *rcsid = "$Header$"; #include <kadm5/admin.h> #include <kadm5/kadm_rpc.h> #include "client_internal.h" +#include "err_handle.h" kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) { @@ -76,5 +86,10 @@ kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) return KADM5_RPC_ERROR; else if (r->code == KADM5_OK) *privs = r->privs; + + if(r->code) + { + krb5_set_err( handle->context, krb5_err_have_str, r->code, r->err_str ); + } return r->code; } diff --git a/src/lib/kadm5/clnt/err_handle.c b/src/lib/kadm5/clnt/err_handle.c new file mode 100644 index 0000000..997544d --- /dev/null +++ b/src/lib/kadm5/clnt/err_handle.c 
@@ -0,0 +1,185 @@ +/********************************************************************** +* +* C %name: err_handle.c % +* Instance: idc_sec_1 +* Description: +* %created_by: spradeep % +* %date_created: Thu Apr 7 15:36:27 2005 % +* +**********************************************************************/ +#ifndef lint +static char *_csrc = "@(#) %filespec: err_handle.c~1 % (%full_filespec: err_handle.c~1:csrc:idc_sec#2 %)"; +#endif + +/* this file should be ideally be in util/et. But, for now thread safety requirement stops me from putting there. + if I do, then all the applications have to link to pthread */ + +#ifdef HAVE_PTHREAD_H +#include <pthread.h> +#endif +#include "err_handle.h" +#include <assert.h> + +#ifdef NOVELL +krb5_errcode_2_string_func old_error_2_string = NULL; +#endif + +typedef struct { + char krb5_err_str[KRB5_MAX_ERR_STR + 1]; + long err_code; + krb5_err_subsystem subsystem; + krb5_context kcontext; +} krb5_err_struct_t; + +#ifdef HAVE_PTHREAD_H +static void tsd_key_destructor(void *data) +{ + free(data); +} + +static pthread_key_t krb5_err_key; + +static void init_err_handling( void ) +{ + assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor)); +#ifdef NOVELL + old_error_2_string = error_message; + error_message = krb5_get_err_string; +#endif +} + +static pthread_once_t krb5_key_create = PTHREAD_ONCE_INIT; + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + int ret; + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct == NULL ) + { + err_struct = calloc(sizeof(krb5_err_struct_t), 1); + if( err_struct == NULL ) + return ENOMEM; + + if((ret = pthread_setspecific(krb5_err_key, err_struct))) + { + free( err_struct ); + return ret; + } + } + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( 
err_struct->subsystem == krb5_err_have_str ) + { + strncpy( err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct && (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + /* Error strings are not generated here. the remaining two cases are handled by the default error string convertor */ +#ifdef NOVELL + return old_error_2_string(err_code); +#else + return error_message(err_code); +#endif +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct; + pthread_once(&krb5_key_create, init_err_handling); + + err_struct = (krb5_err_struct_t*) pthread_getspecific(krb5_err_key); + if( err_struct ) + err_struct->subsystem = krb5_err_unknown; +} + +#else +krb5_err_struct_t krb5_err = {{0}, 0, 0, 0}; +krb5_boolean krb5_init_once = TRUE; + +static void init_err_handling( void ) +{ + if( krb5_init_once ) + { +#ifdef NOVELL + old_error_2_string = error_message; + error_message = krb5_get_err_string; +#endif + krb5_init_once = FALSE; + } +} + +krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str ) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = subsystem; + err_struct->err_code = err_code; + err_struct->kcontext = kcontext; + if( err_struct->subsystem == krb5_err_have_str ) + { + strncpy( 
err_struct->krb5_err_str, str, sizeof(err_struct->krb5_err_str) ); + err_struct->krb5_err_str[KRB5_MAX_ERR_STR] = '\0'; + } + + return 0; +} + +const char * KRB5_CALLCONV krb5_get_err_string(long err_code) +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + if( (err_struct->subsystem == krb5_err_have_str) && (err_code == err_struct->err_code) ) + { + /* checking error code is for safety. + In case, the caller ignores a database error and calls other calls before doing com_err. + Though not perfect, caller should call krb5_clr_error before this*/ + err_struct->subsystem = krb5_err_unknown; + return err_struct->krb5_err_str; + } + + /* it is not generated here. the remaining two cases are handled by the default error string convertor */ +#ifdef NOVELL + return old_error_2_string(err_code); +#else + return error_message(err_code); +#endif +} + +void krb5_clr_error() +{ + krb5_err_struct_t *err_struct = &krb5_err; + + init_err_handling(); /* takes care for multiple inits */ + + err_struct->subsystem = krb5_err_unknown; +} + + +#endif diff --git a/src/lib/kadm5/clnt/err_handle.h b/src/lib/kadm5/clnt/err_handle.h new file mode 100644 index 0000000..76b6ee4 --- /dev/null +++ b/src/lib/kadm5/clnt/err_handle.h 
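Review bot: In err_handle.c, `init_err_handling` creates the key inside `assert(!pthread_key_create(&krb5_err_key, tsd_key_destructor));`, so a build with `NDEBUG` compiles the call away and `krb5_err_key` is then used by `pthread_getspecific`/`pthread_setspecific` without ever being created. Move the call out of the assertion and keep its result, e.g. `krb5_err_key_rc = pthread_key_create(&krb5_err_key, tsd_key_destructor);` with a new file-static `int krb5_err_key_rc`, and have `krb5_set_err`, `krb5_get_err_string` and `krb5_clr_error` bail out when it is non-zero. Both variants of `krb5_set_err` also pass `str` straight to `strncpy` when `subsystem == krb5_err_have_str`; a NULL `str` should be rejected or treated as an empty message. The file calls `calloc`, `free` and `strncpy` and uses `ENOMEM` without including `<stdlib.h>`, `<string.h>` or `<errno.h>` itself, presumably relying on `k5-int.h` through err_handle.h. In the variant built without `HAVE_PTHREAD_H`, the single global `krb5_err` is shared by all callers, which deserves a comment saying that build is not thread-safe.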
@@ -0,0 +1,32 @@
+/**********************************************************************
+*
+* C Header: err_handle.h
+* Instance: idc_sec_1
+* Description:
+* %created_by: spradeep %
+* %date_created: Thu Apr 7 15:36:49 2005 %
+*
+**********************************************************************/
+#ifndef _idc_sec_1_err_handle_h_H
+#define _idc_sec_1_err_handle_h_H
+#include <k5-int.h>
+
+/* Everything else goes here */
+
+#define KRB5_MAX_ERR_STR 1024
+typedef enum krb5_err_subsystem { krb5_err_unknown = 0, /* no error or unknown system. Has to be probed */
+ krb5_err_system, /* error in system call */
+ krb5_err_krblib, /* error in kerberos library call, should lookup in the error table */
+ krb5_err_have_str, /* error message is available in the string */
+ krb5_err_db /* error is a database error, should be handled by calling DB */
+} krb5_err_subsystem;
+
+typedef krb5_error_code (*krb5_set_err_func_t)( krb5_context, krb5_err_subsystem, long, char*);
+
+krb5_error_code krb5_set_err( krb5_context kcontext, krb5_err_subsystem subsystem, long err_code, char *str );
+
+const char * KRB5_CALLCONV krb5_get_err_string(long err_code);
+
+void krb5_clr_error(void);
+
+#endif
diff --git a/src/lib/kadm5/kadm_err.et b/src/lib/kadm5/kadm_err.et
index c7b48b3..da18a74 100644
--- a/src/lib/kadm5/kadm_err.et
+++ b/src/lib/kadm5/kadm_err.et
@@ -59,4 +59,5 @@ error_code KADM5_SETKEY_DUP_ENCTYPES, "Multiple values for single or folded enct
 error_code KADM5_SETV4KEY_INVAL_ENCTYPE, "Invalid enctype for setv4key"
 error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3"
 error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client"
+error_code KADM5_XDR_FAILURE, "XDR encoding error"
 end
diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h
index d546c94..df77643 100644
--- a/src/lib/kadm5/kadm_rpc.h
+++ b/src/lib/kadm5/kadm_rpc.h
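Review bot: `krb5_set_err` and `krb5_set_err_func_t` in err_handle.h take the message as `char *` although the implementation only copies from it; `const char *str` would let callers pass literals and read-only buffers without a cast. The prototypes also carry no contract. A comment should state that `str` is only read when `subsystem` is `krb5_err_have_str`, that the stored copy is cut off at `KRB5_MAX_ERR_STR` bytes, and that `krb5_get_err_string` returns a pointer into per-thread (or, without pthreads, global) storage that the next `krb5_set_err` call overwrites.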
@@ -29,6 +29,7 @@ bool_t xdr_cprinc3_arg(); struct generic_ret { krb5_ui_4 api_version; kadm5_ret_t code; + char *err_str; }; typedef struct generic_ret generic_ret; bool_t xdr_generic_ret(); @@ -68,6 +69,7 @@ struct gprincs_ret { kadm5_ret_t code; char **princs; int count; + char *err_str; }; typedef struct gprincs_ret gprincs_ret; bool_t xdr_gprincs_ret(); @@ -143,6 +145,7 @@ struct chrand_ret { krb5_keyblock key; krb5_keyblock *keys; int n_keys; + char *err_str; }; typedef struct chrand_ret chrand_ret; bool_t xdr_chrand_ret(); @@ -159,6 +162,7 @@ struct gprinc_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_principal_ent_rec rec; + char *err_str; }; typedef struct gprinc_ret gprinc_ret; bool_t xdr_gprinc_ret(); @@ -206,6 +210,7 @@ struct gpol_ret { krb5_ui_4 api_version; kadm5_ret_t code; kadm5_policy_ent_rec rec; + char *err_str; }; typedef struct gpol_ret gpol_ret; bool_t xdr_gpol_ret(); @@ -222,6 +227,7 @@ struct gpols_ret { kadm5_ret_t code; char **pols; int count; + char *err_str; }; typedef struct gpols_ret gpols_ret; bool_t xdr_gpols_ret(); @@ -230,6 +236,7 @@ struct getprivs_ret { krb5_ui_4 api_version; kadm5_ret_t code; long privs; + char *err_str; }; typedef struct getprivs_ret getprivs_ret; bool_t xdr_getprivs_ret(); diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index f5a34e9..f7090bd 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -544,6 +544,19 @@ xdr_generic_ret(XDR *xdrs, generic_ret *objp) if (!xdr_kadm5_ret_t(xdrs, &objp->code)) { return (FALSE); } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return(TRUE); } 
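Review bot: The new `char *err_str` member of generic_ret has no comment on who allocates and who releases it; the same applies to gprincs_ret, chrand_ret, gprinc_ret, gpol_ret, gpols_ret and getprivs_ret in the following hunks. The XDR routines in kadm_rpc_xdr.c pass it to xdr_string, which allocates on decode when the pointer is NULL and releases it during an XDR_FREE pass. A decoder therefore has to zero the structure first, and an encoder may only store a heap string if the free pass is ever run on the reply. I would state that at the member, `char *err_str; /* allocated by xdr_string on decode (must be NULL beforehand); released by the XDR_FREE pass */`, and document the server-side rule in the same place.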
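Review bot: The decode branch added to xdr_generic_ret passes `(unsigned int)-1` as the xdr_string maximum, so the length word sent by the peer is the only limit on what the decoder will try to allocate for err_str. The same block is pasted into xdr_gprincs_ret, xdr_chrand_ret, xdr_gprinc_ret, xdr_gpol_ret, xdr_gpols_ret and xdr_getprivs_ret in the later hunks. I would move it into one static helper with a fixed cap, as sketched below; the value 1024 mirrors KRB5_MAX_ERR_STR from clnt/err_handle.h, and encoding a longer server string would then fail, so the cap has to match what the server can produce. The string is also appended whatever api_version says, which is worth checking against peers that do not expect the extra field. xdr_generic_ret begins outside this hunk.

```c
#define KADM5_ERR_STR_MAX 1024	/* suggested cap, same value as KRB5_MAX_ERR_STR */

/* Encode, decode or free the trailing err_str of a *_ret structure. */
static bool_t
xdr_err_str(XDR *xdrs, char **strp)
{
	char *fallback = "Unknown error code";

	/* An unset message is sent as a fixed placeholder, as before. */
	if (xdrs->x_op == XDR_ENCODE && *strp == NULL)
		strp = &fallback;
	return xdr_string(xdrs, strp, KADM5_ERR_STR_MAX);
}

/* ... unchanged: api_version and code handling in xdr_generic_ret ... */
	if (!xdr_err_str(xdrs, &objp->err_str))
		return (FALSE);
```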
@@ -626,6 +639,19 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp) return (FALSE); } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -785,7 +811,19 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) return FALSE; } } - + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -826,6 +864,19 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp) } } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -896,6 +947,19 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp) if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) return (FALSE); } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } @@ -930,6 +994,19 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp) return (FALSE); } } + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return (TRUE); } 
@@ -941,6 +1018,19 @@ bool_t xdr_getprivs_ret(XDR *xdrs, getprivs_ret *objp) if (! xdr_kadm5_ret_t(xdrs, &objp->code) || ! xdr_long(xdrs, &objp->privs)) return FALSE; + + if( xdrs->x_op == XDR_ENCODE ) + { + char *tmp_str = "Unknown error code"; + if(!xdr_string(xdrs, objp->err_str?&objp->err_str:&tmp_str, (unsigned int)-1 )) { + return (FALSE); + } + } else { + if(!xdr_string(xdrs, &objp->err_str, (unsigned int)-1 )) { + return (FALSE); + } + } + return TRUE; } diff --git a/src/lib/kadm5/ovsec_glue.c b/src/lib/kadm5/ovsec_glue.c index ce81893..750aa3f 100644 --- a/src/lib/kadm5/ovsec_glue.c +++ b/src/lib/kadm5/ovsec_glue.c @@ -6,10 +6,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init_with_password(client_name, pass, service_name, - realm, struct_version, api_version, + realm, struct_version, api_version, db_args, server_handle); } @@ -18,10 +19,11 @@ ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init_with_skey(client_name, keytab, service_name, realm, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -30,10 +32,11 @@ ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *from_stash, char *realm, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init(client_name, from_stash, service_name, - realm, struct_version, api_version, + realm, struct_version, api_version, db_args, server_handle); } diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h index 7792d0a..33d6593 100644 --- a/src/lib/kadm5/server_internal.h +++ b/src/lib/kadm5/server_internal.h 
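Review bot: Adding `char **db_args` ahead of `server_handle` changes the signature of ovsec_kadm_init_with_password, and of ovsec_kadm_init_with_skey and ovsec_kadm_init in the next two hunks. A caller built against the previous prototype would pass its handle pointer in the db_args position. These wrappers look like a compatibility layer for the older ovsec_kadm API, so I would leave their parameter lists alone and pass an empty argument list through: `realm, struct_version, api_version, NULL,`. That assumes kadm5_init_with_password accepts NULL there, which this hunk does not show. If the new parameter is intended, the public prototypes for all three functions need the same change in this commit.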
@@ -21,7 +21,6 @@ #include <krb5/kdb.h> #include <kadm5/admin.h> #include "admin_internal.h" -#include "adb.h" typedef struct _kadm5_server_handle_t { krb5_ui_4 magic_number; @@ -31,9 +30,26 @@ typedef struct _kadm5_server_handle_t { krb5_principal current_caller; kadm5_config_params params; struct _kadm5_server_handle_t *lhandle; - osa_adb_policy_t policy_db; + char **db_args; } kadm5_server_handle_rec, *kadm5_server_handle_t; +#define OSA_ADB_PRINC_VERSION_1 0x12345C01 + +typedef struct _osa_pw_hist_t { + int n_key_data; + krb5_key_data *key_data; +} osa_pw_hist_ent, *osa_pw_hist_t; + typedef struct _osa_princ_ent_t { + int version; + char *policy; + long aux_attributes; + unsigned int old_key_len; + unsigned int old_key_next; + krb5_kvno admin_history_kvno; + osa_pw_hist_ent *old_keys; +} osa_princ_ent_rec, *osa_princ_ent_t; + + kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle); kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle); kadm5_ret_t passwd_check(kadm5_server_handle_t handle, @@ -55,6 +71,7 @@ krb5_error_code kdb_put_entry(kadm5_server_handle_t handle, krb5_error_code kdb_delete_entry(kadm5_server_handle_t handle, krb5_principal name); krb5_error_code kdb_iter_entry(kadm5_server_handle_t handle, + char *match_entry, void (*iter_fct)(void *, krb5_principal), void *data); @@ -115,4 +132,9 @@ extern krb5_principal current_caller; KADM5_NEW_SERVER_API_VERSION) \ SERVER_CHECK_HANDLE(handle) +bool_t xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp); + +void +osa_free_princ_ent(osa_princ_ent_t val); + #endif /* __KADM5_SERVER_INTERNAL_H__ */ diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index eeba868..c885bc6 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog 
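Review bot: The new `char **db_args` member of kadm5_server_handle_rec carries no comment on ownership. Nothing in the hunk shows whether the handle keeps a private copy that is released with the handle or only borrows the array the caller passed to kadm5_init. A borrowed pointer would dangle once the caller frees its arguments. I would add `char **db_args; /* database module arguments; private copy, released when the handle is destroyed */`, or the opposite statement if the pointer is borrowed. The context lines of the same hunk still declare adb_policy_init and adb_policy_close, while srv/Makefile.in stops building adb_policy.c; if those functions were defined there, the two prototypes should be removed as well.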
@@ -1,3 +1,18 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * adb_free.c: + * adb_openclose.c: + * adb_policy.c: + * adb_xdr.c: + * server_init.c: + * server_kdb.c: + * server_misc.c: + * svr_iters.c: + * svr_policy.c: + * svr_principal.c: + 2004-12-20 Tom Yu <tlyu@mit.edu> * svr_principal.c (add_to_history): Rewrite somewhat, using diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in index 66de263..6a159ff 100644 --- a/src/lib/kadm5/srv/Makefile.in +++ b/src/lib/kadm5/srv/Makefile.in @@ -35,10 +35,7 @@ SRCS = $(srcdir)/svr_policy.c \ $(srcdir)/server_dict.c \ $(srcdir)/svr_iters.c \ $(srcdir)/svr_chpass_util.c \ - $(srcdir)/adb_xdr.c \ - $(srcdir)/adb_policy.c \ - $(srcdir)/adb_free.c \ - $(srcdir)/adb_openclose.c + $(srcdir)/adb_xdr.c OBJS = svr_policy.$(OBJEXT) \ svr_principal.$(OBJEXT) \ @@ -49,10 +46,7 @@ OBJS = svr_policy.$(OBJEXT) \ server_dict.$(OBJEXT) \ svr_iters.$(OBJEXT) \ svr_chpass_util.$(OBJEXT) \ - adb_xdr.$(OBJEXT) \ - adb_policy.$(OBJEXT) \ - adb_free.$(OBJEXT) \ - adb_openclose.$(OBJEXT) + adb_xdr.$(OBJEXT) STLIBOBJS = \ svr_policy.o \ @@ -64,10 +58,7 @@ STLIBOBJS = \ server_dict.o \ svr_iters.o \ svr_chpass_util.o \ - adb_xdr.o \ - adb_policy.o \ - adb_free.o \ - adb_openclose.o + adb_xdr.o all-unix:: includes all-unix:: all-liblinks 
@@ -115,10 +106,8 @@ svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ svr_principal.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ @@ -133,10 +122,8 @@ svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/kadm5/admin_internal.h server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ server_acl.c $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(SRCTOP)/include/k5-int.h \ 
@@ -154,9 +141,8 @@ server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \ $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) $(SRCTOP)/include/krb5/adm_proto.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(SRCTOP)/include/krb5/adm_proto.h \ server_acl.h server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ server_kdb.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ @@ -173,10 +159,8 @@ server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \ - $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ server_misc.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ 
@@ -184,18 +168,17 @@ server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/adb.h \ - $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/k5-int.h $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h \ - $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/admin.h \ + $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ + $(BUILDTOP)/include/gssrpc/rename.h $(BUILDTOP)/include/gssrpc/xdr.h \ $(BUILDTOP)/include/gssrpc/auth.h $(BUILDTOP)/include/gssrpc/clnt.h \ $(BUILDTOP)/include/gssrpc/rpc_msg.h $(BUILDTOP)/include/gssrpc/auth_unix.h \ $(BUILDTOP)/include/gssrpc/auth_gss.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssrpc/svc_auth.h $(BUILDTOP)/include/gssrpc/svc.h \ $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ server_init.c $(COM_ERR_DEPS) $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ 
@@ -210,10 +193,9 @@ server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ server_dict.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ 
@@ -228,11 +210,9 @@ server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(SRCTOP)/include/krb5/adm_proto.h $(SRCTOP)/include/syslog.h \ - $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h \ - $(DB_DEPS) + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(SRCTOP)/include/krb5/adm_proto.h \ + $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ svr_iters.c $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ 
@@ -247,10 +227,8 @@ svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ - $(BUILDTOP)/include/kadm5/adb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/server_internal.h \ - $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/adb.h + $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ + $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ svr_chpass_util.c $(BUILDTOP)/include/kadm5/admin.h \ $(BUILDTOP)/include/gssrpc/rpc.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -265,10 +243,9 @@ svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \ $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/profile.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/server_internal.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/kadm5/admin_internal.h \ - $(BUILDTOP)/include/kadm5/adb.h $(DB_DEPS) + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/server_internal.h $(SRCTOP)/include/krb5/kdb.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(BUILDTOP)/include/gssrpc/rpc.h \ $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/gssrpc/rename.h \ 
@@ -276,65 +253,14 @@ adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): adb_xdr.c \ $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/adb.h \ + $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/kadm5/server_internal.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-platform.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/k5-thread.h \ $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/adb_err.h \ - $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ - $(BUILDTOP)/include/kadm5/kadm_rpc.h -adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \ - adb_policy.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h 
$(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h -adb_free.so adb_free.po $(OUTPRE)adb_free.$(OBJEXT): \ - adb_free.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h -adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \ - adb_openclose.c $(BUILDTOP)/include/kadm5/adb.h $(BUILDTOP)/include/gssrpc/types.h \ - $(BUILDTOP)/include/gssrpc/rename.h $(SRCTOP)/include/k5-int.h \ - $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-platform.h 
$(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/k5-thread.h $(BUILDTOP)/include/krb5.h \ - $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(SRCTOP)/include/krb5/kdb.h $(SRCTOP)/include/krb5/kdb.h \ - $(DB_DEPS) $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/gssrpc/rpc.h \ - $(BUILDTOP)/include/gssrpc/xdr.h $(BUILDTOP)/include/gssrpc/auth.h \ - $(BUILDTOP)/include/gssrpc/clnt.h $(BUILDTOP)/include/gssrpc/rpc_msg.h \ - $(BUILDTOP)/include/gssrpc/auth_unix.h $(BUILDTOP)/include/gssrpc/auth_gss.h \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/svc_auth.h \ - $(BUILDTOP)/include/gssrpc/svc.h $(BUILDTOP)/include/krb5.h \ - $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/kadm5/kadm_err.h \ - $(BUILDTOP)/include/kadm5/adb_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h + $(BUILDTOP)/include/kadm5/admin.h $(SRCTOP)/include/k5-int.h \ + $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ + $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \ + $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h diff --git a/src/lib/kadm5/srv/adb_free.c b/src/lib/kadm5/srv/adb_free.c deleted file mode 100644 index cfc107d..0000000 --- a/src/lib/kadm5/srv/adb_free.c +++ /dev/null 
@@ -1,85 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved - * - * $Header$ - * - * $Log$ - * Revision 1.3 2000/06/01 02:02:03 tritan - * Check for existance of <memory.h>. - * (from Nathan Neulinger <nneul@umr.edu>) - * - * Revision 1.2 1996/10/18 19:45:49 bjaspan - * * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c: - * include stdlib.h instead of malloc.h [krb5-admin/35] - * - * Revision 1.1 1996/07/24 22:23:09 tlyu - * * Makefile.in, configure.in: break out server lib into a - * subdirectory - * - * Revision 1.8 1996/07/22 20:35:16 marc - * this commit includes all the changes on the OV_9510_INTEGRATION and - * OV_MERGE branches. This includes, but is not limited to, the new openvision - * admin system, and major changes to gssapi to add functionality, and bring - * the implementation in line with rfc1964. before committing, the - * code was built and tested for netbsd and solaris. - * - * Revision 1.7.4.1 1996/07/18 03:08:07 marc - * merged in changes from OV_9510_BP to OV_9510_FINAL1 - * - * Revision 1.7.2.1 1996/06/20 02:16:25 marc - * File added to the repository on a branch - * - * Revision 1.7 1996/05/12 06:21:57 marc - * don't use <absolute paths> for "internal header files" - * - * Revision 1.6 1993/12/13 21:15:56 shanzer - * fixed memory leak - * ., - * - * Revision 1.5 1993/12/06 22:20:37 marc - * fixup free functions to use xdr to free the underlying struct - * - * Revision 1.4 1993/11/15 00:29:46 shanzer - * check to make sure pointers are somewhat vaid before freeing. - * - * Revision 1.3 1993/11/09 04:02:24 shanzer - * added some includefiles - * changed bzero to memset - * - * Revision 1.2 1993/11/04 01:54:24 shanzer - * added rcs header .. 
- * - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include "adb.h" -#ifdef HAVE_MEMORY_H -#include <memory.h> -#endif -#include <stdlib.h> - -void -osa_free_princ_ent(osa_princ_ent_t val) -{ - XDR xdrs; - - xdrmem_create(&xdrs, NULL, 0, XDR_FREE); - - xdr_osa_princ_ent_rec(&xdrs, val); - free(val); -} - -void -osa_free_policy_ent(osa_policy_ent_t val) -{ - XDR xdrs; - - xdrmem_create(&xdrs, NULL, 0, XDR_FREE); - - xdr_osa_policy_ent_rec(&xdrs, val); - free(val); -} - diff --git a/src/lib/kadm5/srv/adb_openclose.c b/src/lib/kadm5/srv/adb_openclose.c deleted file mode 100644 index 7bb671e..0000000 --- a/src/lib/kadm5/srv/adb_openclose.c +++ /dev/null 
@@ -1,410 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved - * - * $Header$ - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include <sys/file.h> -#include <fcntl.h> -#include <unistd.h> -#include "adb.h" -#include <stdlib.h> - -#define MAX_LOCK_TRIES 5 - -struct _locklist { - osa_adb_lock_ent lockinfo; - struct _locklist *next; -}; - -osa_adb_ret_t osa_adb_create_db(char *filename, char *lockfilename, - int magic) -{ - int lf; - DB *db; - BTREEINFO btinfo; - - memset(&btinfo, 0, sizeof(btinfo)); - btinfo.flags = 0; - btinfo.cachesize = 0; - btinfo.psize = 4096; - btinfo.lorder = 0; - btinfo.minkeypage = 0; - btinfo.compare = NULL; - btinfo.prefix = NULL; - db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo); - if (db == NULL) - return errno; - if (db->close(db) < 0) - return errno; - - /* only create the lock file if we successfully created the db */ - lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600); - if (lf == -1) - return errno; - (void) close(lf); - - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_destroy_db(char *filename, char *lockfilename, - int magic) -{ - /* the admin databases do not contain security-critical data */ - if (unlink(filename) < 0 || - unlink(lockfilename) < 0) - return errno; - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, - char *fileto, char *lockto, int magic) -{ - osa_adb_db_t fromdb, todb; - osa_adb_ret_t ret; - - /* make sure todb exists */ - if ((ret = osa_adb_create_db(fileto, lockto, magic)) && - ret != EEXIST) - return ret; - - if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic))) - return ret; - if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) { - (void) osa_adb_fini_db(fromdb, magic); - return ret; - } - if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) { - (void) osa_adb_fini_db(fromdb, magic); - (void) osa_adb_fini_db(todb, magic); 
- return ret; - } - if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) { - (void) osa_adb_fini_db(fromdb, magic); - (void) osa_adb_fini_db(todb, magic); - return ret; - } - if ((rename(filefrom, fileto) < 0)) { - (void) osa_adb_fini_db(fromdb, magic); - (void) osa_adb_fini_db(todb, magic); - return errno; - } - /* - * Do not release the lock on fromdb because it is being renamed - * out of existence; no one can ever use it again. - */ - if ((ret = osa_adb_release_lock(todb))) { - (void) osa_adb_fini_db(fromdb, magic); - (void) osa_adb_fini_db(todb, magic); - return ret; - } - - (void) osa_adb_fini_db(fromdb, magic); - (void) osa_adb_fini_db(todb, magic); - return 0; -} - -osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename, - char *lockfilename, int magic) -{ - osa_adb_db_t db; - static struct _locklist *locklist = NULL; - struct _locklist *lockp; - krb5_error_code code; - - if (dbp == NULL || filename == NULL) - return EINVAL; - - db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent)); - if (db == NULL) - return ENOMEM; - - memset(db, 0, sizeof(*db)); - db->info.hash = NULL; - db->info.bsize = 256; - db->info.ffactor = 8; - db->info.nelem = 25000; - db->info.lorder = 0; - - db->btinfo.flags = 0; - db->btinfo.cachesize = 0; - db->btinfo.psize = 4096; - db->btinfo.lorder = 0; - db->btinfo.minkeypage = 0; - db->btinfo.compare = NULL; - db->btinfo.prefix = NULL; - /* - * A process is allowed to open the same database multiple times - * and access it via different handles. If the handles use - * distinct lockinfo structures, things get confused: lock(A), - * lock(B), release(B) will result in the kernel unlocking the - * lock file but handle A will still think the file is locked. - * Therefore, all handles using the same lock file must share a - * single lockinfo structure. 
- * - * It is not sufficient to have a single lockinfo structure, - * however, because a single process may also wish to open - * multiple different databases simultaneously, with different - * lock files. This code used to use a single static lockinfo - * structure, which means that the second database opened used - * the first database's lock file. This was Bad. - * - * We now maintain a linked list of lockinfo structures, keyed by - * lockfilename. An entry is added when this function is called - * with a new lockfilename, and all subsequent calls with that - * lockfilename use the existing entry, updating the refcnt. - * When the database is closed with fini_db(), the refcnt is - * decremented, and when it is zero the lockinfo structure is - * freed and reset. The entry in the linked list, however, is - * never removed; it will just be reinitialized the next time - * init_db is called with the right lockfilename. - */ - - /* find or create the lockinfo structure for lockfilename */ - lockp = locklist; - while (lockp) { - if (strcmp(lockp->lockinfo.filename, lockfilename) == 0) - break; - else - lockp = lockp->next; - } - if (lockp == NULL) { - /* doesn't exist, create it, add to list */ - lockp = (struct _locklist *) malloc(sizeof(*lockp)); - if (lockp == NULL) { - free(db); - return ENOMEM; - } - memset(lockp, 0, sizeof(*lockp)); - lockp->next = locklist; - locklist = lockp; - } - - /* now initialize lockp->lockinfo if necessary */ - if (lockp->lockinfo.lockfile == NULL) { - if ((code = krb5_init_context(&lockp->lockinfo.context))) { - free(db); - return((osa_adb_ret_t) code); - } - - /* - * needs be open read/write so that write locking can work with - * POSIX systems - */ - lockp->lockinfo.filename = strdup(lockfilename); - if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) { - /* - * maybe someone took away write permission so we could only - * get shared locks? 
- */ - if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r")) - == NULL) { - free(db); - return OSA_ADB_NOLOCKFILE; - } - } - lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0; - } - - /* lockp is set, lockinfo is initialized, update the reference count */ - db->lock = &lockp->lockinfo; - db->lock->refcnt++; - - db->opencnt = 0; - db->filename = strdup(filename); - db->magic = magic; - - *dbp = db; - - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_fini_db(osa_adb_db_t db, int magic) -{ - if (db->magic != magic) - return EINVAL; - if (db->lock->refcnt == 0) { - /* barry says this can't happen */ - return OSA_ADB_FAILURE; - } else { - db->lock->refcnt--; - } - - if (db->lock->refcnt == 0) { - /* - * Don't free db->lock->filename, it is used as a key to - * find the lockinfo entry in the linked list. If the - * lockfile doesn't exist, we must be closing the database - * after trashing it. This has to be allowed, so don't - * generate an error. - */ - if (db->lock->lockmode != OSA_ADB_PERMANENT) - (void) fclose(db->lock->lockfile); - db->lock->lockfile = NULL; - krb5_free_context(db->lock->context); - } - - db->magic = 0; - free(db->filename); - free(db); - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) -{ - int tries, gotlock, perm, krb5_mode, ret; - - if (db->lock->lockmode >= mode) { - /* No need to upgrade lock, just incr refcnt and return */ - db->lock->lockcnt++; - return(OSA_ADB_OK); - } - - perm = 0; - switch (mode) { - case OSA_ADB_PERMANENT: - perm = 1; - case OSA_ADB_EXCLUSIVE: - krb5_mode = KRB5_LOCKMODE_EXCLUSIVE; - break; - case OSA_ADB_SHARED: - krb5_mode = KRB5_LOCKMODE_SHARED; - break; - default: - return(EINVAL); - } - - for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) { - if ((ret = krb5_lock_file(db->lock->context, - fileno(db->lock->lockfile), - krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) { - gotlock++; - break; - } else if (ret == EBADF && mode == OSA_ADB_EXCLUSIVE) - /* tried to exclusive-lock 
something we don't have */ - /* write access to */ - return OSA_ADB_NOEXCL_PERM; - - sleep(1); - } - - /* test for all the likely "can't get lock" error codes */ - if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK) - return OSA_ADB_CANTLOCK_DB; - else if (ret != 0) - return ret; - - /* - * If the file no longer exists, someone acquired a permanent - * lock. If that process terminates its exclusive lock is lost, - * but if we already had the file open we can (probably) lock it - * even though it has been unlinked. So we need to insist that - * it exist. - */ - if (access(db->lock->filename, F_OK) < 0) { - (void) krb5_lock_file(db->lock->context, - fileno(db->lock->lockfile), - KRB5_LOCKMODE_UNLOCK); - return OSA_ADB_NOLOCKFILE; - } - - /* we have the shared/exclusive lock */ - - if (perm) { - if (unlink(db->lock->filename) < 0) { - /* somehow we can't delete the file, but we already */ - /* have the lock, so release it and return */ - - ret = errno; - (void) krb5_lock_file(db->lock->context, - fileno(db->lock->lockfile), - KRB5_LOCKMODE_UNLOCK); - - /* maybe we should return CANTLOCK_DB.. but that would */ - /* look just like the db was already locked */ - return ret; - } - - /* this releases our exclusive lock.. 
which is okay because */ - /* now no one else can get one either */ - (void) fclose(db->lock->lockfile); - } - - db->lock->lockmode = mode; - db->lock->lockcnt++; - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db) -{ - int ret, fd; - - if (!db->lock->lockcnt) /* lock already unlocked */ - return OSA_ADB_NOTLOCKED; - - if (--db->lock->lockcnt == 0) { - if (db->lock->lockmode == OSA_ADB_PERMANENT) { - /* now we need to create the file since it does not exist */ - fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL, - 0600); - if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL) - return OSA_ADB_NOLOCKFILE; - } else if ((ret = krb5_lock_file(db->lock->context, - fileno(db->lock->lockfile), - KRB5_LOCKMODE_UNLOCK))) - return ret; - - db->lock->lockmode = 0; - } - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype) -{ - int ret; - - ret = osa_adb_get_lock(db, locktype); - if (ret != OSA_ADB_OK) - return ret; - if (db->opencnt) - goto open_ok; - - db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo); - if (db->db != NULL) - goto open_ok; - switch (errno) { -#ifdef EFTYPE - case EFTYPE: -#endif - case EINVAL: - db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info); - if (db->db != NULL) - goto open_ok; - default: - (void) osa_adb_release_lock(db); - if (errno == EINVAL) - return OSA_ADB_BAD_DB; - return errno; - } -open_ok: - db->opencnt++; - return OSA_ADB_OK; -} - -osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db) -{ - if (--db->opencnt) - return osa_adb_release_lock(db); - if(db->db != NULL && db->db->close(db->db) == -1) { - (void) osa_adb_release_lock(db); - return OSA_ADB_FAILURE; - } - - db->db = NULL; - - return(osa_adb_release_lock(db)); -} diff --git a/src/lib/kadm5/srv/adb_policy.c b/src/lib/kadm5/srv/adb_policy.c deleted file mode 100644 index f081551..0000000 --- a/src/lib/kadm5/srv/adb_policy.c +++ /dev/null 
@@ -1,410 +0,0 @@ -/* - * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved - * - * $Header$ - */ - -#if !defined(lint) && !defined(__CODECENTER__) -static char *rcsid = "$Header$"; -#endif - -#include <sys/file.h> -#include <fcntl.h> -#include "adb.h" -#include <stdlib.h> -#include <string.h> -#include <errno.h> - - -#define OPENLOCK(db, mode) \ -{ \ - int olret; \ - if (db == NULL) \ - return EINVAL; \ - else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \ - return OSA_ADB_DBINIT; \ - else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \ - return olret; \ - } - -#define CLOSELOCK(db) \ -{ \ - int cl_ret; \ - if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \ - return cl_ret; \ -} - -osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params) -{ - return osa_adb_create_db(params->admin_dbname, - params->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_rename_policy_db(kadm5_config_params *fromparams, - kadm5_config_params *toparams) -{ - return osa_adb_rename_db(fromparams->admin_dbname, - fromparams->admin_lockfile, - toparams->admin_dbname, - toparams->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_destroy_policy_db(kadm5_config_params *params) -{ - return osa_adb_destroy_db(params->admin_dbname, - params->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_open_policy(osa_adb_princ_t *dbp, - kadm5_config_params *rparams) -{ - return osa_adb_init_db(dbp, rparams->admin_dbname, - rparams->admin_lockfile, - OSA_ADB_POLICY_DB_MAGIC); -} - -osa_adb_ret_t osa_adb_close_policy(osa_adb_princ_t db) -{ - return osa_adb_fini_db(db, OSA_ADB_POLICY_DB_MAGIC); -} - -/* - * Function: osa_adb_create_policy - * - * Purpose: create a policy entry in the policy db. - * - * Arguments: - * entry (input) pointer to the entry to be added - * <return value> OSA_ADB_OK on success, else error code. - * - * Requires: - * entry have a valid name. 
- * - * Effects: - * creates the entry in the db - * - * Modifies: - * the policy db. - * - */ -osa_adb_ret_t -osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry) -{ - DBT dbkey; - DBT dbdata; - XDR xdrs; - int ret; - - OPENLOCK(db, OSA_ADB_EXCLUSIVE); - - if(entry->name == NULL) { - ret = EINVAL; - goto error; - } - dbkey.data = entry->name; - dbkey.size = (strlen(entry->name) + 1); - - switch(db->db->get(db->db, &dbkey, &dbdata, 0)) { - case 0: - ret = OSA_ADB_DUP; - goto error; - case 1: - break; - default: - ret = errno; - goto error; - } - xdralloc_create(&xdrs, XDR_ENCODE); - if(!xdr_osa_policy_ent_rec(&xdrs, entry)) { - xdr_destroy(&xdrs); - ret = OSA_ADB_XDR_FAILURE; - goto error; - } - dbdata.data = xdralloc_getdata(&xdrs); - dbdata.size = xdr_getpos(&xdrs); - switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) { - case 0: - if((db->db->sync(db->db, 0)) == -1) - ret = OSA_ADB_FAILURE; - ret = OSA_ADB_OK; - break; - case 1: - ret = OSA_ADB_DUP; - break; - default: - ret = OSA_ADB_FAILURE; - break; - } - xdr_destroy(&xdrs); - -error: - CLOSELOCK(db); - return ret; -} - -/* - * Function: osa_adb_destroy_policy - * - * Purpose: destroy a policy entry - * - * Arguments: - * db (input) database handle - * name (input) name of policy - * <return value> OSA_ADB_OK on success, or error code. - * - * Requires: - * db being valid. - * name being non-null. - * Effects: - * deletes policy from db. - * - * Modifies: - * policy db. 
- * - */ -osa_adb_ret_t -osa_adb_destroy_policy(osa_adb_policy_t db, kadm5_policy_t name) -{ - DBT dbkey; - int status, ret; - - OPENLOCK(db, OSA_ADB_EXCLUSIVE); - - if(name == NULL) { - ret = EINVAL; - goto error; - } - dbkey.data = name; - dbkey.size = (strlen(name) + 1); - - status = db->db->del(db->db, &dbkey, 0); - switch(status) { - case 1: - ret = OSA_ADB_NOENT; - goto error; - case 0: - if ((db->db->sync(db->db, 0)) == -1) { - ret = OSA_ADB_FAILURE; - goto error; - } - ret = OSA_ADB_OK; - break; - default: - ret = OSA_ADB_FAILURE; - goto error; - } - -error: - CLOSELOCK(db); - return ret; -} - -/* - * Function: osa_adb_get_policy - * - * Purpose: retrieve policy - * - * Arguments: - * db (input) db handle - * name (input) name of policy - * entry (output) policy entry - * <return value> 0 on success, error code on failure. - * - * Requires: - * Effects: - * Modifies: - */ -osa_adb_ret_t -osa_adb_get_policy(osa_adb_policy_t db, kadm5_policy_t name, - osa_policy_ent_t *entry) -{ - DBT dbkey; - DBT dbdata; - XDR xdrs; - int ret; - char *aligned_data; - - OPENLOCK(db, OSA_ADB_SHARED); - - if(name == NULL) { - ret = EINVAL; - goto error; - } - dbkey.data = name; - dbkey.size = (strlen(dbkey.data) + 1); - dbdata.data = NULL; - dbdata.size = 0; - switch((db->db->get(db->db, &dbkey, &dbdata, 0))) { - case 1: - ret = OSA_ADB_NOENT; - goto error; - case 0: - break; - default: - ret = OSA_ADB_FAILURE; - goto error; - } - if (!(*(entry) = (osa_policy_ent_t)malloc(sizeof(osa_policy_ent_rec)))) { - ret = ENOMEM; - goto error; - } - if (!(aligned_data = (char *) malloc(dbdata.size))) { - ret = ENOMEM; - goto error; - } - memcpy(aligned_data, dbdata.data, dbdata.size); - memset(*entry, 0, sizeof(osa_policy_ent_rec)); - xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE); - if (!xdr_osa_policy_ent_rec(&xdrs, *entry)) - ret = OSA_ADB_FAILURE; - else ret = OSA_ADB_OK; - xdr_destroy(&xdrs); - free(aligned_data); - -error: - CLOSELOCK(db); - return ret; -} - -/* - * 
Function: osa_adb_put_policy - * - * Purpose: update a policy in the dababase - * - * Arguments: - * db (input) db handle - * entry (input) policy entry - * <return value> 0 on success error code on failure. - * - * Requires: - * [requires] - * - * Effects: - * [effects] - * - * Modifies: - * [modifies] - * - */ -osa_adb_ret_t -osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry) -{ - DBT dbkey; - DBT dbdata; - DBT tmpdb; - XDR xdrs; - int ret; - - OPENLOCK(db, OSA_ADB_EXCLUSIVE); - - if(entry->name == NULL) { - ret = EINVAL; - goto error; - } - dbkey.data = entry->name; - dbkey.size = (strlen(entry->name) + 1); - switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) { - case 0: - break; - case 1: - ret = OSA_ADB_NOENT; - goto error; - default: - ret = OSA_ADB_FAILURE; - goto error; - } - xdralloc_create(&xdrs, XDR_ENCODE); - if(!xdr_osa_policy_ent_rec(&xdrs, entry)) { - xdr_destroy(&xdrs); - ret = OSA_ADB_XDR_FAILURE; - goto error; - } - dbdata.data = xdralloc_getdata(&xdrs); - dbdata.size = xdr_getpos(&xdrs); - switch(db->db->put(db->db, &dbkey, &dbdata, 0)) { - case 0: - if((db->db->sync(db->db, 0)) == -1) - ret = OSA_ADB_FAILURE; - ret = OSA_ADB_OK; - break; - default: - ret = OSA_ADB_FAILURE; - break; - } - xdr_destroy(&xdrs); - -error: - CLOSELOCK(db); - return ret; -} - -/* - * Function: osa_adb_iter_policy - * - * Purpose: iterate over the policy database. 
- * - * Arguments: - * db (input) db handle - * func (input) fucntion pointer to call - * data opaque data type - * <return value> 0 on success error code on failure - * - * Requires: - * Effects: - * Modifies: - */ -osa_adb_ret_t -osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func, - void *data) -{ - DBT dbkey, - dbdata; - XDR xdrs; - int ret; - osa_policy_ent_t entry; - char *aligned_data; - - OPENLOCK(db, OSA_ADB_EXCLUSIVE); /* hmmm */ - - if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) { - ret = errno; - goto error; - } - - while (ret == 0) { - if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) { - ret = ENOMEM; - goto error; - } - - if(!(aligned_data = (char *) malloc(dbdata.size))) { - ret = ENOMEM; - goto error; - } - memcpy(aligned_data, dbdata.data, dbdata.size); - - memset(entry, 0, sizeof(osa_policy_ent_rec)); - xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE); - if(!xdr_osa_policy_ent_rec(&xdrs, entry)) { - xdr_destroy(&xdrs); - free(aligned_data); - ret = OSA_ADB_FAILURE; - goto error; - } - (*func)(data, entry); - xdr_destroy(&xdrs); - free(aligned_data); - osa_free_policy_ent(entry); - ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT); - } - if(ret == -1) - ret = errno; - else ret = OSA_ADB_OK; - -error: - CLOSELOCK(db); - return ret; -} diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c index 757cf92..d5d1706 100644 --- a/src/lib/kadm5/srv/adb_xdr.c +++ b/src/lib/kadm5/srv/adb_xdr.c @@ -11,7 +11,7 @@ static char *rcsid = "$Header$"; #include <sys/types.h> #include <krb5.h> #include <gssrpc/rpc.h> -#include "adb.h" +#include "server_internal.h" #include "admin_xdr.h" #ifdef HAVE_MEMORY_H #include <memory.h> 
@@ -97,38 +97,14 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp) return (TRUE); } -bool_t -xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp) +void +osa_free_princ_ent(osa_princ_ent_t val) { - switch (xdrs->x_op) { - case XDR_ENCODE: - objp->version = OSA_ADB_POLICY_VERSION_1; - /* fall through */ - case XDR_FREE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - break; - case XDR_DECODE: - if (!xdr_int(xdrs, &objp->version)) - return FALSE; - if (objp->version != OSA_ADB_POLICY_VERSION_1) - return FALSE; - break; - } - - if(!xdr_nullstring(xdrs, &objp->name)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_life)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_max_life)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_length)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_min_classes)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->pw_history_num)) - return (FALSE); - if (!xdr_u_int32(xdrs, &objp->policy_refcnt)) - return (FALSE); - return (TRUE); + XDR xdrs; + + xdrmem_create(&xdrs, NULL, 0, XDR_FREE); + + xdr_osa_princ_ent_rec(&xdrs, val); + free(val); } + diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index dc3526a..a536929 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c 
@@ -33,15 +33,70 @@ static int check_handle(void *handle) return 0; } +static int dup_db_args( kadm5_server_handle_t handle, char **db_args ) +{ + int count = 0; + int ret = 0; + + for( count=0; db_args && db_args[count]; count++ ); + if( count == 0 ) + { + handle->db_args = NULL; + goto clean_n_exit; + } + + handle->db_args = calloc(sizeof(char*), count+1); + if( handle->db_args == NULL ) + { + ret=ENOMEM; + goto clean_n_exit; + } + + for(count=0; db_args[count]; count++) + { + handle->db_args[count] = strdup(db_args[count]); + if( handle->db_args[count] == NULL ) + { + ret = ENOMEM; + goto clean_n_exit; + } + } + + clean_n_exit: + if( ret && handle->db_args ) + { + for(count=0; handle->db_args[count]; count++ ) + free( handle->db_args[count] ); + + free(handle->db_args), handle->db_args = NULL; + } + + return ret; +} + +static void free_db_args(kadm5_server_handle_t handle) +{ + int count; + + if( handle->db_args ) + { + for(count=0; handle->db_args[count]; count++ ) + free( handle->db_args[count] ); + + free(handle->db_args), handle->db_args = NULL; + } +} + kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, char *service_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { return kadm5_init(client_name, pass, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -51,6 +106,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { /* @@ -64,7 +120,7 @@ kadm5_ret_t kadm5_init_with_creds(char *client_name, params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; return kadm5_init(client_name, NULL, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } 
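Review bot: The `clean_n_exit` failure path in `dup_db_args` repeats the release loop that `free_db_args`, added directly below it, already implements. Because the array comes from `calloc` it stays NULL-terminated even when a `strdup` fails part-way, so moving `free_db_args` above `dup_db_args` lets the cleanup shrink to `if (ret) free_db_args(handle);`. The allocation reads more conventionally as `calloc(count+1, sizeof(char *))`, and the comma form `free(handle->db_args), handle->db_args = NULL;` is clearer as two statements. A one-line comment on `dup_db_args` saying that `handle->db_args` owns deep copies released only by `free_db_args` would help, since every `kadm5_init` error path now relies on that.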
@@ -74,6 +130,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, kadm5_config_params *params, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { /* @@ -87,7 +144,7 @@ kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, params->mkey_from_kbd) return KADM5_BAD_SERVER_PARAMS; return kadm5_init(client_name, NULL, service_name, params, - struct_version, api_version, + struct_version, api_version, db_args, server_handle); } @@ -96,6 +153,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, kadm5_config_params *params_in, krb5_ui_4 struct_version, krb5_ui_4 api_version, + char **db_args, void **server_handle) { int ret; @@ -112,14 +170,22 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ENOMEM; memset(handle, 0, sizeof(*handle)); + ret = dup_db_args( handle, db_args ); + if( ret ) + { + free(handle); + return ret; + } + ret = (int) krb5_init_context(&(handle->context)); if (ret) { + free_db_args(handle); free(handle); return(ret); } initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); handle->magic_number = KADM5_SERVER_HANDLE_MAGIC; @@ -153,6 +219,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, #define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER) if (params_in && (params_in->mask & ILLEGAL_PARAMS)) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return KADM5_BAD_SERVER_PARAMS; } @@ -162,6 +229,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, &handle->params); if (ret) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return(ret); } 
@@ -176,24 +244,24 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return KADM5_MISSING_CONF_PARAMS; } - /* - * Set the db_name based on configuration before calling - * krb5_db_init, so it will get used. - */ - - ret = krb5_db_set_name(handle->context, handle->params.dbname); - if (ret) { - free(handle); - return(ret); - } + ret = krb5_set_default_realm(handle->context, handle->params.realm); + if( ret ) + { + krb5_free_context(handle->context); + free_db_args(handle); + free(handle); + return ret; + } - ret = krb5_db_init(handle->context); + ret = krb5_db_open(handle->context, db_args, KRB5_KDB_OPEN_RW); if (ret) { krb5_free_context(handle->context); + free_db_args(handle); free(handle); return(ret); } @@ -202,6 +270,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, &handle->current_caller))) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } @@ -209,6 +278,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (! (handle->lhandle = malloc(sizeof(*handle)))) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ENOMEM; } @@ -220,6 +290,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, /* can't check the handle until current_caller is set */ ret = check_handle((void *) handle); if (ret) { + free_db_args(handle); free(handle); return ret; } @@ -250,6 +321,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (ret) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } @@ -258,6 +330,7 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, if (ret) { krb5_db_fini(handle->context); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } 
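Review bot: In the `@@ -220,6 +290,7 @@` hunk the `check_handle` failure path releases only `db_args` and `handle`. Judging by the hunks above it, the database has already been opened with `krb5_db_open` by then, and `handle->context`, `handle->current_caller` and `handle->lhandle` all exist. The neighbouring error paths call `krb5_db_fini` and `krb5_free_context` before freeing the handle, and `kadm5_destroy` also frees `lhandle`; this path should release the same resources, otherwise every rejected version check leaves an open database handle and context behind in a long-running admin server. `kadm5_init` starts and ends outside these hunks, so the exact state at this point should be confirmed against the full function.

```c
    ret = check_handle((void *) handle);
    if (ret) {
        krb5_db_fini(handle->context);
        krb5_free_principal(handle->context, handle->current_caller);
        krb5_free_context(handle->context);
        free(handle->lhandle);
        /* … unchanged: free_db_args(handle); free(handle); return ret; … */
```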
@@ -267,20 +340,11 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); krb5_free_context(handle->context); + free_db_args(handle); free(handle); return ret; } - ret = adb_policy_init(handle); - if (ret) { - krb5_db_fini(handle->context); - krb5_free_principal(handle->context, handle->current_caller); - krb5_free_context(handle->context); - free(handle); - return ret; - } - handle->lhandle->policy_db = handle->policy_db; - *server_handle = (void *) handle; return KADM5_OK; @@ -301,6 +365,7 @@ kadm5_ret_t kadm5_destroy(void *server_handle) krb5_free_context(handle->context); handle->magic_number = 0; free(handle->lhandle); + free_db_args(handle); free(handle); return KADM5_OK; @@ -312,10 +377,7 @@ kadm5_ret_t kadm5_lock(void *server_handle) kadm5_ret_t ret; CHECK_HANDLE(server_handle); - ret = osa_adb_open_and_lock(handle->policy_db, OSA_ADB_EXCLUSIVE); - if (ret) - return ret; - ret = krb5_db_lock(handle->context, KRB5_LOCKMODE_EXCLUSIVE); + ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE); if (ret) return ret; @@ -328,9 +390,6 @@ kadm5_ret_t kadm5_unlock(void *server_handle) kadm5_ret_t ret; CHECK_HANDLE(server_handle); - ret = osa_adb_close_and_unlock(handle->policy_db); - if (ret) - return ret; ret = krb5_db_unlock(handle->context); if (ret) return ret; @@ -346,13 +405,7 @@ kadm5_ret_t kadm5_flush(void *server_handle) CHECK_HANDLE(server_handle); if ((ret = krb5_db_fini(handle->context)) || - /* - * Set the db_name based on configuration before calling - * krb5_db_init, so it will get used. - */ - (ret = krb5_db_set_name(handle->context, - handle->params.dbname)) || - (ret = krb5_db_init(handle->context)) || + (ret = krb5_db_open(handle->context, handle->db_args, KRB5_KDB_OPEN_RW)) || (ret = adb_policy_close(handle)) || (ret = adb_policy_init(handle))) { (void) kadm5_destroy(server_handle); 
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 97d38c7..6392ef1 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -42,7 +42,7 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, } else { realm = r; } - + if ((ret = krb5_db_setup_mkey_name(handle->context, handle->params.mkey_name, realm, NULL, &master_princ))) @@ -60,9 +60,6 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, if (ret) goto done; - if ((ret = krb5_db_init(handle->context)) != KSUCCESS) - goto done; - if ((ret = krb5_db_verify_master_key(handle->context, master_princ, &master_keyblock))) { krb5_db_fini(handle->context); @@ -264,7 +261,7 @@ kdb_get_entry(kadm5_server_handle_t handle, if (! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); krb5_db_free_principal(handle->context, kdb, 1); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } xdr_destroy(&xdrs); } @@ -346,7 +343,7 @@ kdb_put_entry(kadm5_server_handle_t handle, xdralloc_create(&xdrs, XDR_ENCODE); if(! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); - return(OSA_ADB_XDR_FAILURE); + return(KADM5_XDR_FAILURE); } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); @@ -395,7 +392,7 @@ kdb_iter_func(krb5_pointer data, krb5_db_entry *kdb) } krb5_error_code -kdb_iter_entry(kadm5_server_handle_t handle, +kdb_iter_entry(kadm5_server_handle_t handle, char *match_entry, void (*iter_fct)(void *, krb5_principal), void *data) { iter_data id; @@ -404,11 +401,10 @@ kdb_iter_entry(kadm5_server_handle_t handle, id.func = iter_fct; id.data = data; - ret = krb5_db_iterate(handle->context, kdb_iter_func, &id); + ret = krb5_db_iterate(handle->context, match_entry, kdb_iter_func, &id); if (ret) return(ret); return(0); } - diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c index 02c7dce..4f15fd3 100644 --- a/src/lib/kadm5/srv/server_misc.c +++ b/src/lib/kadm5/srv/server_misc.c 
@@ -11,7 +11,6 @@ static char *rcsid = "$Header$"; #include "k5-int.h" #include <krb5/kdb.h> #include <ctype.h> -#include "adb.h" #include <pwd.h> /* for strcasecmp */ @@ -22,22 +21,17 @@ static char *rcsid = "$Header$"; kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle) { - osa_adb_ret_t ret; - if(handle->policy_db == (osa_adb_policy_t) NULL) - if((ret = osa_adb_open_policy(&handle->policy_db, - &handle->params)) != OSA_ADB_OK) - return ret; - return KADM5_OK; + /* now policy is initialized as part of database. No seperate call needed */ + if( krb5_db_inited( handle->context ) ) + return KADM5_OK; + + return krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW ); } kadm5_ret_t adb_policy_close(kadm5_server_handle_t handle) { - osa_adb_ret_t ret; - if(handle->policy_db != (osa_adb_policy_t) NULL) - if((ret = osa_adb_close_policy(handle->policy_db)) != OSA_ADB_OK) - return ret; - handle->policy_db = NULL; + /* will be taken care by database close */ return KADM5_OK; } @@ -185,3 +179,4 @@ passwd_check(kadm5_server_handle_t handle, } return KADM5_OK; } + diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c index 8c04d78..ea1ee27 100644 --- a/src/lib/kadm5/srv/svr_iters.c +++ b/src/lib/kadm5/srv/svr_iters.c @@ -21,7 +21,6 @@ static char *rcsid = "$Header$"; #include <sys/types.h> #include <string.h> #include <kadm5/admin.h> -#include "adb.h" #ifdef SOLARIS_REGEXPS #include <regexpr.h> #endif 
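Review bot: `adb_policy_init` in the `@@ -22,22 +21,17 @@` hunk reopens the database with `krb5_db_open( handle->context, NULL, KRB5_KDB_OPEN_RW )`, which discards the arguments this commit stores in `handle->db_args`. `kadm5_flush` in server_init.c passes `handle->db_args` for the same operation, so when this branch is taken the database would be opened with default module arguments instead of the ones the caller supplied. Passing them through keeps the two paths consistent: `return krb5_db_open( handle->context, handle->db_args, KRB5_KDB_OPEN_RW );`. The return convention of `krb5_db_inited` is not visible here; if it returns an error code (0 when the database is open) the `if` test is inverted, which is worth confirming.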
@@ -230,18 +229,18 @@ static kadm5_ret_t kadm5_get_either(int princ, if (princ) { data.context = handle->context; - ret = kdb_iter_entry(handle, get_princs_iter, (void *) &data); + ret = kdb_iter_entry(handle, exp, get_princs_iter, (void *) &data); } else { - ret = osa_adb_iter_policy(handle->policy_db, get_pols_iter, (void *)&data); + ret = krb5_db_iter_policy(handle->context, exp, get_pols_iter, (void *)&data); } free(regexp); #ifdef POSIX_REGEXPS regfree(&data.preg); #endif - if (ret == OSA_ADB_OK && data.malloc_failed) + if ( !ret && data.malloc_failed) ret = ENOMEM; - if (ret != OSA_ADB_OK) { + if ( ret ) { for (i = 0; i < data.n_names; i++) free(data.names[i]); free(data.names); diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index d03cfd0..24398c1 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -10,7 +10,6 @@ static char *rcsid = "$Header$"; #include <sys/types.h> #include <kadm5/admin.h> -#include "adb.h" #include "server_internal.h" #include <stdlib.h> @@ -47,6 +46,8 @@ kadm5_create_policy(void *server_handle, { CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; else @@ -139,10 +140,10 @@ kadm5_create_policy_internal(void *server_handle, pent.policy_refcnt = 0; else pent.policy_refcnt = entry->policy_refcnt; - if ((ret = osa_adb_create_policy(handle->policy_db, &pent)) == OSA_ADB_OK) - return KADM5_OK; - else + if ((ret = krb5_db_create_policy(handle->context, &pent))) return ret; + else + return KADM5_OK; } kadm5_ret_t 
@@ -151,24 +152,30 @@ kadm5_delete_policy(void *server_handle, kadm5_policy_t name) kadm5_server_handle_t handle = server_handle; osa_policy_ent_t entry; int ret; + int cnt=1; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if(name == (kadm5_policy_t) NULL) return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - if ((ret = osa_adb_get_policy(handle->policy_db, name, &entry)) != OSA_ADB_OK) + if((ret = krb5_db_get_policy(handle->context, name, &entry,&cnt))) return ret; + if( cnt != 1 ) + return KADM5_UNK_POLICY; + if(entry->policy_refcnt != 0) { - osa_free_policy_ent(entry); + krb5_db_free_policy(handle->context, entry); return KADM5_POLICY_REF; } - osa_free_policy_ent(entry); - if ((ret = osa_adb_destroy_policy(handle->policy_db, name)) == OSA_ADB_OK) - return KADM5_OK; - else + krb5_db_free_policy(handle->context, entry); + if ((ret = krb5_db_delete_policy(handle->context, name))) return ret; + else + return KADM5_OK; } kadm5_ret_t @@ -177,6 +184,8 @@ kadm5_modify_policy(void *server_handle, { CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (mask & KADM5_REF_COUNT) return KADM5_BAD_MASK; else @@ -190,6 +199,7 @@ kadm5_modify_policy_internal(void *server_handle, kadm5_server_handle_t handle = server_handle; osa_policy_ent_t p; int ret; + int cnt=1; CHECK_HANDLE(server_handle); 
@@ -200,26 +210,22 @@ kadm5_modify_policy_internal(void *server_handle, if((mask & KADM5_POLICY)) return KADM5_BAD_MASK; - switch ((ret = osa_adb_get_policy(handle->policy_db, entry->policy, &p))) { - case OSA_ADB_OK: - break; - case OSA_ADB_NOENT: + ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt); + if( ret && (cnt==0) ) return KADM5_UNK_POLICY; - default: - break; - } + if ((mask & KADM5_PW_MAX_LIFE)) p->pw_max_life = entry->pw_max_life; if ((mask & KADM5_PW_MIN_LIFE)) { if(entry->pw_min_life > p->pw_max_life && p->pw_max_life != 0) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_MIN_PASS_LIFE; } p->pw_min_life = entry->pw_min_life; } if ((mask & KADM5_PW_MIN_LENGTH)) { if(entry->pw_min_length < MIN_PW_LENGTH) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_LENGTH; } p->pw_min_length = entry->pw_min_length; @@ -227,7 +233,7 @@ kadm5_modify_policy_internal(void *server_handle, if ((mask & KADM5_PW_MIN_CLASSES)) { if(entry->pw_min_classes > MAX_PW_CLASSES || entry->pw_min_classes < MIN_PW_CLASSES) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_CLASS; } p->pw_min_classes = entry->pw_min_classes; @@ -235,22 +241,15 @@ kadm5_modify_policy_internal(void *server_handle, if ((mask & KADM5_PW_HISTORY_NUM)) { if(entry->pw_history_num < MIN_PW_HISTORY || entry->pw_history_num > MAX_PW_HISTORY) { - osa_free_policy_ent(p); + krb5_db_free_policy(handle->context, p); return KADM5_BAD_HISTORY; } p->pw_history_num = entry->pw_history_num; } if ((mask & KADM5_REF_COUNT)) p->policy_refcnt = entry->policy_refcnt; - switch ((ret = osa_adb_put_policy(handle->policy_db, p))) { - case OSA_ADB_OK: - ret = KADM5_OK; - break; - case OSA_ADB_NOENT: /* this should not happen here ... */ - ret = KADM5_UNK_POLICY; - break; - } - osa_free_policy_ent(p); + ret = krb5_db_put_policy(handle->context, p); + krb5_db_free_policy(handle->context, p); return ret; } 
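Review bot: In `kadm5_modify_policy_internal` (hunk `@@ -200,26 +210,22 @@`) the new lookup returns only when `ret && (cnt==0)`, so two cases fall through to `p->pw_max_life` with `p` never assigned: a failed `krb5_db_get_policy` that leaves `cnt` at its initial 1, and a successful call that finds no entry. The previous hunk declares it as plain `osa_policy_ent_t p;`, so this is a read and write through an uninitialised pointer on a request-driven path. `kadm5_delete_policy` and `kadm5_get_policy` in this same commit use the stricter pattern, which this function should copy: `if (ret) return ret;` followed by `if (cnt != 1) return KADM5_UNK_POLICY;`. The function begins above the hunk and continues below it.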
@@ -262,9 +261,12 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, kadm5_policy_ent_rec entry_local, **entry_orig, *new; int ret; kadm5_server_handle_t handle = server_handle; + int cnt=1; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * In version 1, entry is a pointer to a kadm5_policy_ent_t that * should be filled with allocated memory. @@ -279,16 +281,14 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, return EINVAL; if(strlen(name) == 0) return KADM5_BAD_POLICY; - switch((ret = osa_adb_get_policy(handle->policy_db, name, &t))) { - case OSA_ADB_OK: - break; - case OSA_ADB_NOENT: - return KADM5_UNK_POLICY; - default: + if((ret = krb5_db_get_policy(handle->context, name, &t, &cnt))) return ret; - } + + if( cnt != 1 ) + return KADM5_UNK_POLICY; + if ((entry->policy = (char *) malloc(strlen(t->name) + 1)) == NULL) { - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); return ENOMEM; } strcpy(entry->policy, t->name); @@ -298,13 +298,13 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, entry->pw_min_classes = t->pw_min_classes; entry->pw_history_num = t->pw_history_num; entry->policy_refcnt = t->policy_refcnt; - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); if (handle->api_version == KADM5_API_VERSION_1) { new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec)); if (new == NULL) { free(entry->policy); - osa_free_policy_ent(t); + krb5_db_free_policy(handle->context, t); return ENOMEM; } *new = *entry; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 7dc2d8f..f1a0717 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -11,7 +11,6 @@ static char *rcsid = "$Header$"; #include <sys/types.h> #include <sys/time.h> #include <kadm5/admin.h> -#include "adb.h" #include "k5-int.h" #include <krb5/kdb.h> #include <stdio.h> 
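Review bot: In the `KADM5_API_VERSION_1` branch of `kadm5_get_policy` (hunk `@@ -298,13 +298,13 @@`) the `new == NULL` path calls `krb5_db_free_policy(handle->context, t);` although `t` was already released a few lines earlier, right after its fields were copied into `entry`. The commit converts the old second `osa_free_policy_ent(t)` one-for-one, so the double free is carried over rather than introduced, but this is the moment to remove it. Dropping the second call leaves the path as `free(entry->policy);` then `return ENOMEM;`. The function continues past the end of the hunk.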
@@ -35,6 +34,79 @@ static int decrypt_key_data(krb5_context context, int n_key_data, krb5_key_data *key_data, krb5_keyblock **keyblocks, int *n_keys); +static krb5_error_code +kadm5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc) +{ + register krb5_principal tempprinc; + register int i, nelems; + + tempprinc = (krb5_principal)krb5_db_alloc(context, NULL, sizeof(krb5_principal_data)); + + if (tempprinc == 0) + return ENOMEM; + + memcpy(tempprinc, inprinc, sizeof(krb5_principal_data)); + + nelems = (int) krb5_princ_size(context, inprinc); + tempprinc->data = krb5_db_alloc(context, NULL, nelems * sizeof(krb5_data)); + + if (tempprinc->data == 0) { + krb5_db_free(context, (char *)tempprinc); + return ENOMEM; + } + + for (i = 0; i < nelems; i++) { + unsigned int len = krb5_princ_component(context, inprinc, i)->length; + krb5_princ_component(context, tempprinc, i)->length = len; + if (((krb5_princ_component(context, tempprinc, i)->data = + krb5_db_alloc(context, NULL, len)) == 0) && len) { + while (--i >= 0) + krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data); + krb5_db_free (context, tempprinc->data); + krb5_db_free (context, tempprinc); + return ENOMEM; + } + if (len) + memcpy(krb5_princ_component(context, tempprinc, i)->data, + krb5_princ_component(context, inprinc, i)->data, len); + } + + tempprinc->realm.data = + krb5_db_alloc(context, NULL, tempprinc->realm.length = inprinc->realm.length); + if (!tempprinc->realm.data && tempprinc->realm.length) { + for (i = 0; i < nelems; i++) + krb5_db_free(context, krb5_princ_component(context, tempprinc, i)->data); + krb5_db_free(context, tempprinc->data); + krb5_db_free(context, tempprinc); + return ENOMEM; + } + if (tempprinc->realm.length) + memcpy(tempprinc->realm.data, inprinc->realm.data, + inprinc->realm.length); + + *outprinc = tempprinc; + return 0; +} + +static void +kadm5_free_principal(krb5_context context, krb5_principal val) +{ + register 
krb5_int32 i; + + if (!val) + return; + + if (val->data) { + i = krb5_princ_size(context, val); + while(--i >= 0) + krb5_db_free(context, krb5_princ_component(context, val, i)->data); + krb5_db_free(context, val->data); + } + if (val->realm.data) + krb5_db_free(context, val->realm.data); + krb5_db_free(context, val); +} + /* * XXX Functions that ought to be in libkrb5.a, but aren't. */ @@ -98,8 +170,8 @@ static void cleanup_key_data(context, count, data) for (i = 0; i < count; i++) for (j = 0; j < data[i].key_data_ver; j++) if (data[i].key_data_length[j]) - free(data[i].key_data_contents[j]); - free(data); + krb5_db_free(context, data[i].key_data_contents[j]); + krb5_db_free(context, data); } kadm5_ret_t @@ -127,6 +199,8 @@ kadm5_create_principal_3(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * Argument sanity checking, and opening up the DB */ 
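Review bot: kadm5_copy_principal treats a NULL `tempprinc->data` as ENOMEM unconditionally, while the component and realm allocations just below it fail only when the requested length is non-zero (`&& len`, `&& tempprinc->realm.length`). If krb5_db_alloc can return NULL for a zero-byte request (its definition is not in this view), a principal with no components would be reported as out of memory; `if (tempprinc->data == 0 && nelems)` would make the three checks agree. Both new helpers also lack a header comment; `/* Copy a principal using krb5_db_alloc so it can be released with krb5_db_free. */` would record the apparent reason krb5_copy_principal is not used, to be confirmed by the author.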
@@ -231,20 +305,37 @@ kadm5_create_principal_3(void *server_handle, to free the entire kdb entry, and that will try to free the principal. */ - if ((ret = krb5_copy_principal(handle->context, - entry->principal, &(kdb.princ)))) { + if ((ret = kadm5_copy_principal(handle->context, + entry->principal, &(kdb.princ)))) { if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } + if (mask & KADM5_TL_DATA) { + /* splice entry->tl_data onto the front of kdb.tl_data */ + tl_data_orig = kdb.tl_data; + for (tl_data_tail = entry->tl_data; tl_data_tail; + tl_data_tail = tl_data_tail->tl_data_next) + { + ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl_data_tail); + if( ret ) + { + krb5_db_free_principal(handle->context, &kdb, 1); + if (mask & KADM5_POLICY) + (void) kadm5_free_policy_ent(handle->lhandle, &polent); + return ret; + } + } + } + /* initialize the keys */ if ((ret = krb5_dbe_cpw(handle->context, &master_keyblock, @@ -253,7 +344,7 @@ kadm5_create_principal_3(void *server_handle, password, (mask & KADM5_KVNO)?entry->kvno:1, FALSE, &kdb))) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); 
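Review bot: The moved `KADM5_TL_DATA` block keeps the comment `/* splice entry->tl_data onto the front of kdb.tl_data */` and the assignment `tl_data_orig = kdb.tl_data;`, but the loop no longer splices anything: it passes each caller entry to krb5_dbe_update_tl_data, and the un-splice step that read `tl_data_orig` is removed further down, so the assignment appears dead. Replace the comment with `/* add each caller-supplied tl_data entry to kdb via krb5_dbe_update_tl_data */` and drop the assignment. The `krb5_db_free_principal(handle->context, &kdb, 1)` calls that follow are safe only if krb5_dbe_update_tl_data copies the entry instead of linking the caller's node, which is not visible here and is worth stating in the comment once confirmed. kadm5_create_principal_3 begins and ends outside this hunk.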
@@ -282,33 +373,17 @@ kadm5_create_principal_3(void *server_handle, if ((ret = kadm5_modify_policy_internal(handle->lhandle, &polent, KADM5_REF_COUNT)) != KADM5_OK) { - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } } - if (mask & KADM5_TL_DATA) { - /* splice entry->tl_data onto the front of kdb.tl_data */ - tl_data_orig = kdb.tl_data; - for (tl_data_tail = entry->tl_data; tl_data_tail->tl_data_next; - tl_data_tail = tl_data_tail->tl_data_next) - ; - tl_data_tail->tl_data_next = kdb.tl_data; - kdb.tl_data = entry->tl_data; - } - /* store the new db entry */ ret = kdb_put_entry(handle, &kdb, &adb); - if (mask & KADM5_TL_DATA) { - /* remove entry->tl_data from the front of kdb.tl_data */ - tl_data_tail->tl_data_next = NULL; - kdb.tl_data = tl_data_orig; - } - - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (ret) { if ((mask & KADM5_POLICY)) { @@ -346,6 +421,8 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (principal == NULL) return EINVAL; @@ -392,6 +469,8 @@ kadm5_modify_principal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if((mask & KADM5_PRINCIPAL) || (mask & KADM5_LAST_PWD_CHANGE) || (mask & KADM5_MOD_TIME) || (mask & KADM5_MOD_NAME) || (mask & KADM5_MKVNO) || (mask & KADM5_AUX_ATTRIBUTES) || 
@@ -534,34 +613,18 @@ kadm5_modify_principal(void *server_handle, } if (mask & KADM5_TL_DATA) { - krb5_tl_data *tl, *tl2; - /* - * Replace kdb.tl_data with what was passed in. The - * KRB5_TL_KADM_DATA will be re-added (based on adb) by - * kdb_put_entry, below. - * - * Note that we have to duplicate the passed in tl_data - * before adding it to kdb. The reason is that kdb_put_entry - * will add its own tl_data entries that we will need to - * free, but we cannot free the caller's tl_data (an - * alternative would be to scan the tl_data after put_entry - * and only free those entries that were not passed in). - */ - while (kdb.tl_data) { - tl = kdb.tl_data->tl_data_next; - free(kdb.tl_data->tl_data_contents); - free(kdb.tl_data); - kdb.tl_data = tl; - } + krb5_tl_data *tl; + + /* may have to change the version number of the API. Updates the list with the given tl_data rather than over-writting */ - kdb.n_tl_data = entry->n_tl_data; - kdb.tl_data = NULL; - tl2 = entry->tl_data; - while (tl2) { - tl = dup_tl_data(tl2); - tl->tl_data_next = kdb.tl_data; - kdb.tl_data = tl; - tl2 = tl2->tl_data_next; + for (tl = entry->tl_data; tl; + tl = tl->tl_data_next) + { + ret = krb5_dbe_update_tl_data(handle->context, &kdb, tl); + if( ret ) + { + goto done; + } } } @@ -593,6 +656,8 @@ kadm5_rename_principal(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (source == NULL || target == NULL) return EINVAL; @@ -614,8 +679,8 @@ kadm5_rename_principal(void *server_handle, } } - krb5_free_principal(handle->context, kdb.princ); - ret = krb5_copy_principal(handle->context, target, &kdb.princ); + kadm5_free_principal(handle->context, kdb.princ); + ret = kadm5_copy_principal(handle->context, target, &kdb.princ); if (ret) { kdb.princ = NULL; /* so freeing the dbe doesn't lose */ goto done; 
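Review bot: The new comment in the `KADM5_TL_DATA` branch of kadm5_modify_principal understates a change of contract: the old code replaced kdb.tl_data with the caller's list, while the new loop only adds or updates entries, so a caller can no longer remove an entry by leaving it out of the request. The comment should say that plainly, for example `/* Merge entry->tl_data into kdb.tl_data; entries the caller does not name are kept (previously the whole list was replaced). */`, and the `over-writting` typo should go with it. The `done:` label this loop jumps to and the rest of the function are outside this hunk.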
@@ -638,7 +703,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, { krb5_db_entry kdb; osa_princ_ent_rec adb; - osa_adb_ret_t ret = 0; + krb5_error_code ret = 0; long mask; int i; kadm5_server_handle_t handle = server_handle; @@ -646,6 +711,8 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + /* * In version 1, all the defined fields are always returned. * entry is a pointer to a kadm5_principal_ent_t_v1 that should be @@ -1222,6 +1289,8 @@ kadm5_chpass_principal_3(void *server_handle, CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + hist_added = 0; memset(&hist, 0, sizeof(hist)); @@ -1373,7 +1442,7 @@ done: free_history_entry(handle->context, &hist); kdb_free_entry(handle, &kdb, &adb); kdb_free_entry(handle, &kdb_save, NULL); - krb5_dbe_free_contents(handle->context, &kdb); + krb5_db_free_principal(handle->context, &kdb, 1); if (have_pol && (ret2 = kadm5_free_policy_ent(handle->lhandle, &pol)) && !ret) @@ -1409,6 +1478,8 @@ kadm5_randkey_principal_3(void *server_handle, int ret, last_pwd, have_pol = 0; kadm5_server_handle_t handle = server_handle; + krb5_db_clr_error(); + if (keyblocks) *keyblocks = NULL; @@ -1538,11 +1609,16 @@ kadm5_setv4key_principal(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; krb5_keysalt keysalt; - int i, kvno, ret, have_pol = 0; + int i, k, kvno, ret, have_pol = 0; #if 0 int last_pwd; #endif kadm5_server_handle_t handle = server_handle; + krb5_key_data tmp_key_data; + + krb5_db_clr_error(); + + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); CHECK_HANDLE(server_handle); 
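Review bot: In the `done:` path of kadm5_chpass_principal_3, `kdb` is passed to `kdb_free_entry(handle, &kdb, &adb)` and then again to `krb5_db_free_principal(handle->context, &kdb, 1)`. Unless kdb_free_entry leaves the entry's pointers cleared, the second call releases the same contents twice; its definition is not in this hunk, so this needs checking and is not a confirmed fault. The previous code had the same pair with krb5_dbe_free_contents, but now that the free routine is provided by the database layer the assumption should either be documented at this site or the redundant line `krb5_db_free_principal(handle->context, &kdb, 1);` removed.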
@@ -1566,7 +1642,7 @@ kadm5_setv4key_principal(void *server_handle, if (kdb.key_data != NULL) cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); - kdb.key_data = (krb5_key_data*)malloc(sizeof(krb5_key_data)); + kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, sizeof(krb5_key_data)); if (kdb.key_data == NULL) return ENOMEM; memset(kdb.key_data, 0, sizeof(krb5_key_data)); @@ -1576,13 +1652,39 @@ kadm5_setv4key_principal(void *server_handle, keysalt.data.length = 0; keysalt.data.data = NULL; + /* use tmp_key_data as temporary location and reallocate later */ ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock, keyblock, &keysalt, kvno + 1, - kdb.key_data); + &tmp_key_data); if (ret) { goto done; } + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + kdb.key_data->key_data_type[k] = tmp_key_data.key_data_type[k]; + kdb.key_data->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + kdb.key_data->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); + if( kdb.key_data->key_data_contents[k] == NULL ) + { + cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); + kdb.key_data = NULL; + kdb.n_key_data = 0; + ret = ENOMEM; + goto done; + } + memcpy( kdb.key_data->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } + } + + + kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; ret = krb5_timeofday(handle->context, &now); 
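Review bot: After the switch to krb5_db_alloc, kadm5_setv4key_principal still leaves with `return ENOMEM;` when the allocation fails, which skips the `done:` label where `kdb`, `adb` and the policy entry are released. The matching allocation in kadm5_setkey_principal_3 is changed in this same commit to `ret = ENOMEM; goto done;`, and this site should follow it. cleanup_key_data has already freed the old array just above, so set `kdb.n_key_data = 0;` before jumping; otherwise the cleanup may walk a stale count over a NULL `kdb.key_data`, depending on how the entry is freed outside this hunk.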
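Review bot: The copy loop fills `key_data_type`, `key_data_length` and `key_data_contents` of `kdb.key_data` from `tmp_key_data`, but nothing in the hunk copies `key_data_ver` or `key_data_kvno`, which krb5_dbekd_encrypt_key_data presumably used to write straight into `kdb.key_data` and now writes into the temporary. Since `kdb.key_data` was zeroed with memset just before, the stored entry would keep version 0 and kvno 0, and cleanup_key_data, which loops up to `key_data_ver`, would free none of the new buffers. Add `kdb.key_data->key_data_ver = tmp_key_data.key_data_ver;` and `kdb.key_data->key_data_kvno = tmp_key_data.key_data_kvno;` before the loop, unless they are set in the part of the function outside this hunk. The `tptr` loop added to kadm5_setkey_principal_3 has the same omission.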
@@ -1646,6 +1748,15 @@ kadm5_setv4key_principal(void *server_handle, ret = KADM5_OK; done: + for( i = 0; i < tmp_key_data.key_data_ver; i++ ) + { + if( tmp_key_data.key_data_contents[i] ) + { + memset( tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]); + free( tmp_key_data.key_data_contents[i] ); + } + } + kdb_free_entry(handle, &kdb, &adb); if (have_pol) kadm5_free_policy_ent(handle->lhandle, &pol); @@ -1679,16 +1790,20 @@ kadm5_setkey_principal_3(void *server_handle, kadm5_policy_ent_rec pol; krb5_key_data *old_key_data; int n_old_keys; - int i, j, kvno, ret, have_pol = 0; + int i, j, k, kvno, ret, have_pol = 0; #if 0 int last_pwd; #endif kadm5_server_handle_t handle = server_handle; krb5_boolean similar; krb5_keysalt keysalt; + krb5_key_data tmp_key_data; + krb5_key_data *tptr; CHECK_HANDLE(server_handle); + krb5_db_clr_error(); + if (principal == NULL || keyblocks == NULL) return EINVAL; if (hist_princ && /* this will be NULL when initializing the databse */ @@ -1733,10 +1848,14 @@ kadm5_setkey_principal_3(void *server_handle, old_key_data = NULL; } - kdb.key_data = (krb5_key_data*)malloc((n_keys+n_old_keys) - *sizeof(krb5_key_data)); + kdb.key_data = (krb5_key_data*)krb5_db_alloc(handle->context, NULL, (n_keys+n_old_keys) + *sizeof(krb5_key_data)); if (kdb.key_data == NULL) - return ENOMEM; + { + ret= ENOMEM; + goto done; + } + memset(kdb.key_data, 0, (n_keys+n_old_keys)*sizeof(krb5_key_data)); kdb.n_key_data = 0; 
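Review bot: The `memset` calls placed directly before `free` in this `done:` loop are dead stores that an optimising compiler may remove, so the buffers can be returned to the heap with the key bytes still in them. The same memset-then-free pair is added in the copy loops of kadm5_setv4key_principal and kadm5_setkey_principal_3 and in the error path of decrypt_key_data, where the buffers presumably hold decrypted keys. Route the clearing through something the optimiser cannot drop, for example a file-level `static void *(*volatile clear_mem)(void *, int, size_t) = memset;` and `clear_mem(p, 0, len);` at each site. kadm5_setv4key_principal begins outside this hunk.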
@@ -1746,20 +1865,50 @@ kadm5_setkey_principal_3(void *server_handle, keysalt.data.length = 0; keysalt.data.data = NULL; if (ks_tuple[i].ks_enctype != keyblocks[i].enctype) { - cleanup_key_data(handle->context, kdb.n_key_data, - kdb.key_data); - return KADM5_SETKEY3_ETYPE_MISMATCH; + ret= KADM5_SETKEY3_ETYPE_MISMATCH; + goto done; } } + memset( &tmp_key_data, 0, sizeof(tmp_key_data)); + ret = krb5_dbekd_encrypt_key_data(handle->context, &master_keyblock, &keyblocks[i], n_ks_tuple ? &keysalt : NULL, kvno + 1, - &kdb.key_data[i]); + &tmp_key_data); if (ret) { - cleanup_key_data(handle->context, kdb.n_key_data, kdb.key_data); - return ret; + goto done; + } + tptr = &kdb.key_data[i]; + for( k = 0; k < tmp_key_data.key_data_ver; k++ ) + { + tptr->key_data_type[k] = tmp_key_data.key_data_type[k]; + tptr->key_data_length[k] = tmp_key_data.key_data_length[k]; + if( tmp_key_data.key_data_contents[k] ) + { + tptr->key_data_contents[k] = krb5_db_alloc(handle->context, NULL, tmp_key_data.key_data_length[k]); + if( tptr->key_data_contents[k] == NULL ) + { + int i1; + for( i1 = k; i1 < tmp_key_data.key_data_ver; i1++ ) + { + if( tmp_key_data.key_data_contents[i1] ) + { + memset( tmp_key_data.key_data_contents[i1], 0, tmp_key_data.key_data_length[i1]); + free( tmp_key_data.key_data_contents[i1] ); + } + } + + ret = ENOMEM; + goto done; + } + memcpy( tptr->key_data_contents[k], tmp_key_data.key_data_contents[k], tmp_key_data.key_data_length[k]); + + memset( tmp_key_data.key_data_contents[k], 0, tmp_key_data.key_data_length[k]); + free( tmp_key_data.key_data_contents[k] ); + tmp_key_data.key_data_contents[k] = NULL; + } } kdb.n_key_data++; } @@ -1770,6 +1919,10 @@ kadm5_setkey_principal_3(void *server_handle, memset(&old_key_data[i], 0, sizeof (krb5_key_data)); kdb.n_key_data++; } + + if( old_key_data ) + krb5_db_free(handle->context, old_key_data); + /* assert(kdb.n_key_data == n_keys + n_old_keys) */ kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; 
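Review bot: When krb5_db_alloc fails for slot `k` in the `tptr` copy loop, the added cleanup releases the remaining `tmp_key_data` buffers but not the `tptr->key_data_contents` buffers already allocated for slots below `k`. `kdb.n_key_data` is incremented only after the loop, so cleanup driven by that count will not reach entry `i` either, and those copies of the key data leak. Free them before the jump, e.g. `for (i1 = 0; i1 < k; i1++) if (tptr->key_data_contents[i1]) krb5_db_free(handle->context, tptr->key_data_contents[i1]);`. The `done:` label of kadm5_setkey_principal_3 is outside this hunk, so confirm it does not already cover this case.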
@@ -1862,6 +2015,14 @@ static int decrypt_key_data(krb5_context context, &key_data[i], &keys[i], NULL); if (ret) { + for(; i >= 0; i-- ) + { + if( keys[i].contents ) + { + memset( keys[i].contents, 0, keys[i].length ); + free( keys[i].contents ); + } + } memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); free(keys); @@ -1946,3 +2107,4 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, return KADM5_OK; } + diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index 4b0777e..67c82bc 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -1,3 +1,15 @@ +2005-06-20 Ken Raeburn <raeburn@mit.edu> + + Novell merge. + * Makefile.in: + * destroy-test.c: + * handle-test.c: + * init-test.c: + * iter-test.c: + * lock-test.c: + * randkey-test.c: + * setkey-test.c: + 2005-02-10 Tom Yu <tlyu@mit.edu> * api.2/init-v2.exp: Handle improved error codes from diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 5d4fc1f..242e9c2 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -5,6 +5,7 @@ BUILDTOP=$(REL)..$(S)..$(S).. DEFINES = -DUSE_KADM5_API_VERSION=1 PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) +KDB_DEP_LIB=-ldl -lpthread all:: init-test destroy-test client-handle-test client-iter-test all:: randkey-test server-handle-test lock-test server-iter-test 
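Review bot: The new error-path loop in decrypt_key_data starts at the index whose krb5_dbekd_decrypt_key_data call just failed, so it frees `keys[i].contents` for an entry the callee did not finish. That is safe only if `keys` was zero-filled when allocated and the callee never leaves a freed or partially set pointer in the keyblock on error; neither is visible in this hunk. Starting at the previous index with `for (i--; i >= 0; i--)` limits the cleanup to entries this function knows are complete, or a comment should state the callee's guarantee that makes the current bound correct.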
@@ -40,26 +41,26 @@ client-setkey-test: setkey-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) randkey-test: randkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o randkey-test randkey-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) server-handle-test: handle-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-handle-test handle-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) lock-test: lock-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o lock-test lock-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-iter-test iter-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o server-setkey-test setkey-test.o \ - $(KADMSRV_LIBS) $(KRB5_BASE_LIBS) + $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS) # # The unit-test targets diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c index 02bfb7e..6d7435c 100644 --- a/src/lib/kadm5/unit-test/destroy-test.c +++ b/src/lib/kadm5/unit-test/destroy-test.c @@ -22,7 +22,7 @@ int main() for(x = 0; x < TEST_NUM; x++) { ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c index aa71df4..6743e6e 100644 --- a/src/lib/kadm5/unit-test/handle-test.c 
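Review bot: `$(KDB_DEP_LIB)` is added to every server-side link line, but the variable is defined at the top of this Makefile.in as the literal `-ldl -lpthread`, which will not link on platforms that have no libdl or that enable threads through a different flag. Take the value from configure instead, e.g. `KDB_DEP_LIB=@KDB_DEP_LIB@`, with the substitution filled in by whatever configure check decides how the database modules and threads are linked. The substitution name is a placeholder, since configure.in is not part of this view.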
+++ b/src/lib/kadm5/unit-test/handle-test.c @@ -25,7 +25,7 @@ int main(int argc, char *argv[]) krb5_init_context(&context); ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0, - OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c index 86b3566..9677698 100644 --- a/src/lib/kadm5/unit-test/init-test.c +++ b/src/lib/kadm5/unit-test/init-test.c @@ -14,7 +14,7 @@ int main() memset(¶ms, 0, sizeof(params)); params.mask |= KADM5_CONFIG_NO_AUTH; ret = kadm5_init("admin", "admin", NULL, ¶ms, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &server_handle); if (ret == KADM5_RPC_ERROR) exit(0); diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c index 4c85fe7..4b85a54 100644 --- a/src/lib/kadm5/unit-test/iter-test.c +++ b/src/lib/kadm5/unit-test/iter-test.c @@ -16,7 +16,7 @@ int main(int argc, char **argv) ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if (ret != OVSEC_KADM_OK) { com_err("iter-test", ret, "while initializing"); diff --git a/src/lib/kadm5/unit-test/lock-test.c b/src/lib/kadm5/unit-test/lock-test.c index 256954c..24ff74a 100644 --- a/src/lib/kadm5/unit-test/lock-test.c +++ b/src/lib/kadm5/unit-test/lock-test.c @@ -6,7 +6,7 @@ #include <stdio.h> #include <krb5.h> #include <kadm5/admin.h> -#include <kadm5/adb.h> +#include <krb5/kdb.h> char *whoami; @@ -20,8 +20,7 @@ static void usage() int main(int argc, char **argv) { - osa_adb_ret_t ret; - osa_adb_policy_t policy_db; + krb5_error_code ret; osa_policy_ent_t entry; krb5_context context; kadm5_config_params params; 
@@ -36,7 +35,7 @@ int main(int argc, char **argv) } initialize_ovk_error_table(); - initialize_adb_error_table(); +/* initialize_adb_error_table(); */ initialize_ovku_error_table(); params.mask = 0; @@ -52,8 +51,8 @@ int main(int argc, char **argv) exit(1); } - ret = osa_adb_open_policy(&policy_db, ¶ms); - if (ret != OSA_ADB_OK) { + ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW); + if (ret) { com_err(whoami, ret, "while opening database"); exit(1); } 
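Review bot: `/* initialize_adb_error_table(); */` in main leaves a commented-out call behind instead of removing it. Nothing else in the visible lock-test.c hunks refers to the adb error table any more, so the line can simply be deleted. main begins and ends outside this hunk.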
@@ -61,38 +60,39 @@ int main(int argc, char **argv) argc--; argv++; while (argc) { if (strcmp(*argv, "shared") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_SHARED); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED); + if (ret) com_err(whoami, ret, "while getting shared lock"); else printf("shared\n"); } else if (strcmp(*argv, "exclusive") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_EXCLUSIVE); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); + if (ret) com_err(whoami, ret, "while getting exclusive lock"); else printf("exclusive\n"); } else if (strcmp(*argv, "permanent") == 0) { - ret = osa_adb_get_lock(policy_db, OSA_ADB_PERMANENT); - if (ret != OSA_ADB_OK) + ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); + if (ret) com_err(whoami, ret, "while getting permanent lock"); else printf("permanent\n"); } else if (strcmp(*argv, "release") == 0) { - ret = osa_adb_release_lock(policy_db); - if (ret != OSA_ADB_OK) + ret = krb5_db_unlock(context); + if (ret) com_err(whoami, ret, "while releasing lock"); else printf("released\n"); } else if (strcmp(*argv, "get") == 0) { + int cnt = 1; argc--; argv++; if (!argc) usage(); - if ((ret = osa_adb_get_policy(policy_db, *argv, - &entry)) != OSA_ADB_OK) { + if ((ret = krb5_db_get_policy(context, *argv, + &entry, &cnt)) ) { com_err(whoami, ret, "while getting policy"); } else { printf("retrieved\n"); - osa_free_policy_ent(entry); + krb5_db_free_policy(context, entry); } } else if (strcmp(*argv, "wait") == 0) { getchar(); @@ -105,8 +105,8 @@ int main(int argc, char **argv) argc--; argv++; } - ret = osa_adb_close_policy(policy_db); - if (ret != OSA_ADB_OK) { + ret = krb5_db_fini(context); + if (ret) { com_err(whoami, ret, "while closing database"); exit(1); } diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c index cddc165..5722302 100644 --- a/src/lib/kadm5/unit-test/randkey-test.c 
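Review bot: The `permanent` branch now requests `KRB5_DB_LOCKMODE_EXCLUSIVE`, exactly what the `exclusive` branch does, yet it still prints `permanent` and reports `while getting permanent lock`. Any test script that drives this program to check permanent-lock behaviour will keep passing while exercising only an exclusive lock. Either map the branch to a real permanent mode if the new locking interface has one, or add a comment such as `/* krb5_db_lock has no permanent mode here; treated as exclusive */` so the loss of coverage is explicit.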
+++ b/src/lib/kadm5/unit-test/randkey-test.c @@ -23,7 +23,7 @@ int main() krb5_parse_name(context, "testuser", &tprinc); ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, OVSEC_KADM_STRUCT_VERSION, - OVSEC_KADM_API_VERSION_1, + OVSEC_KADM_API_VERSION_1, NULL, &server_handle); if(ret != OVSEC_KADM_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c index 5b791d8..af78114 100644 --- a/src/lib/kadm5/unit-test/setkey-test.c +++ b/src/lib/kadm5/unit-test/setkey-test.c @@ -119,7 +119,7 @@ main(int argc, char **argv) } ret = kadm5_init(authprinc, NULL, KADM5_ADMIN_SERVICE, NULL, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, &handle); if (ret) { com_err(whoami, ret, "while initializing connection"); |