From 640690c6555142190fc81575bcdbb2122994c7a6 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 3 Jul 2010 19:22:08 +0000 Subject: Make the APIs for iterate, get_master_key_list, set_master_key_list, and promote_db return KRB5_PLUGIN_OP_NOTSUPP if the KDB module does not implement them, avoiding the need for stub default implementations. ticket: 6749 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24171 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kdb.h | 34 ++++++++++------------------------ src/lib/kdb/kdb5.c | 31 ++++++++++++++----------------- src/lib/kdb/kdb_default.c | 21 --------------------- 3 files changed, 24 insertions(+), 62 deletions(-) (limited to 'src') diff --git a/src/include/kdb.h b/src/include/kdb.h index 425e724..a576eb9 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h @@ -708,12 +708,6 @@ krb5_def_fetch_mkey_list( krb5_context context, krb5_kvno mkvno, krb5_keylist_node **mkeys_list); -krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, - krb5_keylist_node *keylist ); - -krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext, - krb5_keylist_node **keylist ); - krb5_error_code krb5_dbe_def_cpw( krb5_context context, krb5_keyblock * master_key, @@ -725,9 +719,6 @@ krb5_dbe_def_cpw( krb5_context context, krb5_db_entry * db_entry); krb5_error_code -krb5_def_promote_db(krb5_context, char *, char **); - -krb5_error_code krb5_dbe_def_decrypt_key_data( krb5_context context, const krb5_keyblock * mkey, const krb5_key_data * key_data, 
@@ -1096,20 +1087,18 @@ typedef struct _kdb_vftabl { void (*free)(krb5_context kcontext, void *ptr); /* - * Optional with default: Inform the module of the master key. The module - * may remember an alias to the provided memory. This function is called - * at startup by the KDC and kadmind with the value returned by - * fetch_master_key_list. The default implementation does nothing. + * Optional: Inform the module of the master key list. The module may + * remember an alias to the provided memory. This function is called at + * startup by the KDC and kadmind with the value returned by + * fetch_master_key_list. */ krb5_error_code (*set_master_key_list)(krb5_context kcontext, krb5_keylist_node *keylist); /* - * Optional with default: Retrieve an alias to the master key list as - * previously set by set_master_key_list. This function is used by the KDB - * keytab implementation in libkdb5, which is used by kadmind. The default - * implementation returns success without modifying *keylist, which is an - * invalid implementation. + * Optional: Retrieve an alias to the master key list as previously set by + * set_master_key_list. This function is used by the KDB keytab + * implementation in libkdb5, which is used by kadmind. */ krb5_error_code (*get_master_key_list)(krb5_context kcontext, krb5_keylist_node **keylist); 
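Review bot: The rewritten comments for set_master_key_list and get_master_key_list (and for promote_db in the later kdb.h hunk) mark the slots as "Optional" but no longer say what a caller sees when a module leaves them NULL. The removed text was the only place that recorded the failure mode, including the warning that returning success without writing *keylist is invalid. Since the commit's stated intent is that libkdb5 reports the absence itself, each comment should carry a sentence such as `If not implemented, the corresponding krb5_db_* call returns KRB5_PLUGIN_OP_NOTSUPP.` The "may remember an alias" sentence would also benefit from saying who owns and frees the key list, since this is master key material; ownership is not visible in the hunk, so confirm it before wording it. The _kdb_vftabl definition begins and ends outside this hunk.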
@@ -1195,13 +1184,10 @@ typedef struct _kdb_vftabl { krb5_db_entry *db_entry); /* - * Optional with default: Promote a temporary database to be the live one. - * kdb5_util load opens the database with the "temporary" db_arg and then - * invokes this function when the load is complete, thus replacing the live + * Optional: Promote a temporary database to be the live one. kdb5_util + * load opens the database with the "temporary" db_arg and then invokes + * this function when the load is complete, thus replacing the live * database with no loss of read availability. - * - * The default implementation returns KRB5_PLUGIN_OP_NOTSUPP; kdb5_util - * dump recognizes and ignores this error code. */ krb5_error_code (*promote_db)(krb5_context context, char *conf_section, char **db_args); diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index e89d324..c5095ea 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -246,10 +246,6 @@ clean_n_exit: static void kdb_setup_opt_functions(db_library lib) { - if (lib->vftabl.set_master_key_list == NULL) - lib->vftabl.set_master_key_list = kdb_def_set_mkey_list; - if (lib->vftabl.get_master_key_list == NULL) - lib->vftabl.get_master_key_list = kdb_def_get_mkey_list; if (lib->vftabl.fetch_master_key == NULL) lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey; if (lib->vftabl.fetch_master_key_list == NULL) @@ -260,8 +256,6 @@ kdb_setup_opt_functions(db_library lib) lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype; if (lib->vftabl.change_pwd == NULL) lib->vftabl.change_pwd = krb5_dbe_def_cpw; - if (lib->vftabl.promote_db == NULL) - lib->vftabl.promote_db = krb5_def_promote_db; if (lib->vftabl.decrypt_key_data == NULL) lib->vftabl.decrypt_key_data = krb5_dbe_def_decrypt_key_data; if (lib->vftabl.encrypt_key_data == NULL) 
@@ -1062,7 +1056,7 @@ krb5_db_iterate(krb5_context kcontext, if (status) return status; if (v->iterate == NULL) - return 0; + return KRB5_PLUGIN_OP_NOTSUPP; return v->iterate(kcontext, match_entry, func, func_arg); } @@ -1076,6 +1070,8 @@ krb5_db_set_mkey_list(krb5_context kcontext, status = get_vftabl(kcontext, &v); if (status) return status; + if (v->set_master_key_list == NULL) + return KRB5_PLUGIN_OP_NOTSUPP; return v->set_master_key_list(kcontext, keylist); } @@ -2256,24 +2252,25 @@ krb5_error_code krb5_db_promote(krb5_context kcontext, char **db_args) { krb5_error_code status = 0; - char *section = NULL; + char *section = NULL; kdb_vftabl *v; + status = get_vftabl(kcontext, &v); + if (status) + return status; + if (v->promote_db == NULL) + return KRB5_PLUGIN_OP_NOTSUPP; + section = kdb_get_conf_section(kcontext); if (section == NULL) { status = KRB5_KDB_SERVER_INTERNAL_ERR; - krb5_set_error_message (kcontext, status, - "unable to determine configuration section for realm %s\n", - kcontext->default_realm); - goto clean_n_exit; + krb5_set_error_message(kcontext, status, "Unable to determine " + "configuration section for realm %s\n", + kcontext->default_realm); + return status; } - status = get_vftabl(kcontext, &v); - if (status) - goto clean_n_exit; status = v->promote_db(kcontext, section, db_args); - -clean_n_exit: free(section); return status; } diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index d9b95c7..5f8d504 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c 
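Review bot: krb5_db_get_mkey_list does not receive the NULL guard that the second hunk here adds to krb5_db_set_mkey_list, as far as this patch shows. The commit also removes the `kdb_def_get_mkey_list` fallback from kdb_setup_opt_functions, and the 14 insertions counted for kdb5.c are all accounted for by the iterate, set_mkey_list and promote hunks. Unless the get wrapper already tests the pointer in code outside this diff, a module without get_master_key_list would leave the libkdb5 keytab path used by kadmind calling a NULL function pointer. The wrapper should get the same two lines before the dispatch, `if (v->get_master_key_list == NULL)` followed by `return KRB5_PLUGIN_OP_NOTSUPP;`. Both wrappers begin outside the hunk.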
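Review bot: In the `section == NULL` branch of krb5_db_promote, `kcontext->default_realm` is passed to a `%s` conversion without a NULL check. kdb_get_conf_section is not shown in this patch; if one of its failure paths is an unset default realm, this call formats a null pointer, which is undefined behaviour. A guarded argument such as `kcontext->default_realm ? kcontext->default_realm : "(none)"` avoids that. The trailing `\n` in the message can be dropped, because the string goes to krb5_set_error_message rather than to a stream. The `= 0` initialiser on `status` is now dead too, since get_vftabl assigns it before any read.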
@@ -540,24 +540,3 @@ clean_n_exit: krb5_dbe_free_key_list(context, mkey_list_head); return retval; } - -krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, - krb5_keylist_node *keylist ) -{ - /* printf("default set master key\n"); */ - return 0; -} - -krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext, - krb5_keylist_node **keylist ) -{ - /* printf("default get master key\n"); */ - return 0; -} - -krb5_error_code krb5_def_promote_db (krb5_context kcontext, - char *s, char **args) -{ - /* printf("default promote_db\n"); */ - return KRB5_PLUGIN_OP_NOTSUPP; -} -- cgit v1.1