1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2
/*
3
 * Copyright 2006 by the Massachusetts Institute of Technology.
4
 * All Rights Reserved.
5
 *
6
 * Export of this software from the United States of America may
7
 *   require a specific license from the United States Government.
8
 *   It is the responsibility of any person or organization contemplating
9
 *   export to obtain such a license before exporting.
10
 *
11
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12
 * distribute this software and its documentation for any purpose and
13
 * without fee is hereby granted, provided that the above copyright
14
 * notice appear in all copies and that both that copyright notice and
15
 * this permission notice appear in supporting documentation, and that
16
 * the name of M.I.T. not be used in advertising or publicity pertaining
17
 * to distribution of the software without specific, written prior
18
 * permission.  Furthermore if you modify this software you must label
19
 * your software as modified software and not distribute it in such a
20
 * fashion that it might be confused with the original M.I.T. software.
21
 * M.I.T. makes no representations about the suitability of
22
 * this software for any purpose.  It is provided "as is" without express
23
 * or implied warranty.
24
 */
25

26
/**********************************************************************
27
 *
28
 *       C %name:                db2_exp.c %
29
 *       Instance:               idc_sec_2
30
 *       Description:
31
 *       %created_by:    spradeep %
32
 *       %date_created:  Tue Apr  5 11:44:00 2005 %
33
 *
34
 **********************************************************************/
35
#include "k5-int.h"
36

37
#if HAVE_UNISTD_H
38
#include <unistd.h>
39
#endif
40

41
#include <db.h>
42
#include <stdio.h>
43
#include <errno.h>
44
#include <utime.h>
45
#include "kdb5.h"
46
#include "kdb_db2.h"
47
#include "kdb_xdr.h"
48
#include "policy_db.h"
49

50
/* Quick and dirty wrapper functions to provide for thread safety
51
   within the plugin, instead of making the kdb5 library do it.  Eventually
52
   these should be integrated into the real functions.
53

54
   Some of the functions wrapped here are also called directly from
55
   within this library (e.g., create calls open), so simply dropping
56
   locking code into the top and bottom of each referenced function
57
   won't do.  (We aren't doing recursive locks, currently.)  */
58

59
k5_mutex_t *krb5_db2_mutex;
60

61
#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES)                \
62
    static TYPE wrap_##NAME ARGLIST                     \
63
    {                                                   \
64
        TYPE result;                                    \
65
        k5_mutex_lock (krb5_db2_mutex);                 \
66
        result = NAME ARGNAMES;                         \
67
        k5_mutex_unlock (krb5_db2_mutex);               \
68
        return result;                                  \
69
    }                                                   \
70
    /* hack: decl to allow a following ";" */           \
71
    static TYPE wrap_##NAME ARGLIST
72

73
/* Two special cases: void (can't assign result), and krb5_error_code
74
   (return error from locking code).  */
75

76
#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)                \
77
    static void wrap_##NAME ARGLIST                     \
78
    {                                                   \
79
        k5_mutex_lock (krb5_db2_mutex);                 \
80
        NAME ARGNAMES;                                  \
81
        k5_mutex_unlock (krb5_db2_mutex);               \
82
    }                                                   \
83
    /* hack: decl to allow a following ";" */           \
84
    static void wrap_##NAME ARGLIST
85

86
#define WRAP_K(NAME,ARGLIST,ARGNAMES)                   \
87
    WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES)
88

89
WRAP_K (krb5_db2_open,
90
        ( krb5_context kcontext,
91
          char *conf_section,
92
          char **db_args,
93
          int mode ),
94
        (kcontext, conf_section, db_args, mode));
95
WRAP_K (krb5_db2_fini, (krb5_context ctx), (ctx));
96
WRAP_K (krb5_db2_create,
97
        ( krb5_context kcontext, char *conf_section, char **db_args ),
98
        (kcontext, conf_section, db_args));
99
WRAP_K (krb5_db2_destroy,
100
        ( krb5_context kcontext, char *conf_section, char **db_args ),
101
        (kcontext, conf_section, db_args));
102
WRAP_K (krb5_db2_get_age,
103
        (krb5_context ctx,
104
         char *s,
105
         time_t *t),
106
        (ctx, s, t));
107

108
WRAP_K (krb5_db2_lock,
109
        ( krb5_context    context,
110
          int             in_mode),
111
        (context, in_mode));
112
WRAP_K (krb5_db2_unlock, (krb5_context ctx), (ctx));
113

114
WRAP_K (krb5_db2_get_principal,
115
        (krb5_context ctx,
116
         krb5_const_principal p,
117
         unsigned int f,
118
         krb5_db_entry **d),
119
        (ctx, p, f, d));
120
WRAP_K (krb5_db2_put_principal,
121
        (krb5_context ctx,
122
         krb5_db_entry *d,
123
         char **db_args),
124
        (ctx, d, db_args));
125
WRAP_K (krb5_db2_delete_principal,
126
        (krb5_context context,
127
         krb5_const_principal searchfor),
128
        (context, searchfor));
129

130
WRAP_K (krb5_db2_iterate,
131
        (krb5_context ctx, char *s,
132
         krb5_error_code (*f) (krb5_pointer,
133
                               krb5_db_entry *),
134
         krb5_pointer p, krb5_flags flags),
135
        (ctx, s, f, p, flags));
136

137
WRAP_K (krb5_db2_create_policy,
138
        (krb5_context context, osa_policy_ent_t entry),
139
        (context, entry));
140
WRAP_K (krb5_db2_get_policy,
141
        ( krb5_context kcontext,
142
          char *name,
143
          osa_policy_ent_t *policy),
144
        (kcontext, name, policy));
145
WRAP_K (krb5_db2_put_policy,
146
        ( krb5_context kcontext, osa_policy_ent_t policy ),
147
        (kcontext, policy));
148
WRAP_K (krb5_db2_iter_policy,
149
        ( krb5_context kcontext,
150
          char *match_entry,
151
          osa_adb_iter_policy_func func,
152
          void *data ),
153
        (kcontext, match_entry, func, data));
154
WRAP_K (krb5_db2_delete_policy,
155
        ( krb5_context kcontext, char *policy ),
156
        (kcontext, policy));
157

158
WRAP_K (krb5_db2_promote_db,
159
        ( krb5_context kcontext, char *conf_section, char **db_args ),
160
        (kcontext, conf_section, db_args));
161

162
WRAP_K (krb5_db2_check_policy_as,
163
        (krb5_context kcontext, krb5_kdc_req *request, krb5_db_entry *client,
164
         krb5_db_entry *server, krb5_timestamp kdc_time, const char **status,
165
         krb5_pa_data ***e_data),
166
        (kcontext, request, client, server, kdc_time, status, e_data));
167

168
WRAP_VOID (krb5_db2_audit_as_req,
169
           (krb5_context kcontext, krb5_kdc_req *request,
170
            const krb5_address *local_addr,
171
            const krb5_address *remote_addr,
172
            krb5_db_entry *client, krb5_db_entry *server,
173
            krb5_timestamp authtime, krb5_error_code error_code),
174
           (kcontext, request, local_addr, remote_addr, client, server,
175
            authtime, error_code));
176

177
static krb5_error_code
178
hack_init (void)
179
{
180
    krb5_error_code c;
181

182
    c = krb5int_mutex_alloc (&krb5_db2_mutex);
183
    if (c)
184
        return c;
185
    return krb5_db2_lib_init ();
186
}
187

188
static krb5_error_code
189
hack_cleanup (void)
190
{
191
    krb5int_mutex_free (krb5_db2_mutex);
192
    krb5_db2_mutex = NULL;
193
    return krb5_db2_lib_cleanup();
194
}
195

196

197
/*
198
 *      Exposed API
199
 */
200

201
kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
202
    KRB5_KDB_DAL_MAJOR_VERSION,             /* major version number */
203
    0,                                      /* minor version number 0 */
204
    /* init_library */                  hack_init,
205
    /* fini_library */                  hack_cleanup,
206
    /* init_module */                   wrap_krb5_db2_open,
207
    /* fini_module */                   wrap_krb5_db2_fini,
208
    /* create */                        wrap_krb5_db2_create,
209
    /* destroy */                       wrap_krb5_db2_destroy,
210
    /* get_age */                       wrap_krb5_db2_get_age,
211
    /* lock */                          wrap_krb5_db2_lock,
212
    /* unlock */                        wrap_krb5_db2_unlock,
213
    /* get_principal */                 wrap_krb5_db2_get_principal,
214
    /* put_principal */                 wrap_krb5_db2_put_principal,
215
    /* delete_principal */              wrap_krb5_db2_delete_principal,
216
    /* rename_principal */              NULL,
217
    /* iterate */                       wrap_krb5_db2_iterate,
218
    /* create_policy */                 wrap_krb5_db2_create_policy,
219
    /* get_policy */                    wrap_krb5_db2_get_policy,
220
    /* put_policy */                    wrap_krb5_db2_put_policy,
221
    /* iter_policy */                   wrap_krb5_db2_iter_policy,
222
    /* delete_policy */                 wrap_krb5_db2_delete_policy,
223
    /* fetch_master_key */              NULL,
224
    /* fetch_master_key_list */         NULL,
225
    /* store_master_key_list */         NULL,
226
    /* dbe_search_enctype */            NULL,
227
    /* change_pwd */                    NULL,
228
    /* promote_db */                    wrap_krb5_db2_promote_db,
229
    /* decrypt_key_data */              NULL,
230
    /* encrypt_key_data */              NULL,
231
    /* check_transited_realms */        NULL,
232
    /* check_policy_as */               wrap_krb5_db2_check_policy_as,
233
    /* check_policy_tgs */              NULL,
234
    /* audit_as_req */                  wrap_krb5_db2_audit_as_req,
235
};
236

237