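/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright 2006 by the Massachusetts Institute of Technology.
 * All Rights Reserved.
 *
 * Export of this software from the United States of America may
 *   require a specific license from the United States Government.
 *   It is the responsibility of any person or organization contemplating
 *   export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/**********************************************************************
 *
 *      C %name:                db2_exp.c %
 *      Instance:               idc_sec_2
 *      Description:
 *      %created_by:    spradeep %
 *      %date_created:  Tue Apr  5 11:44:00 2005 %
 *
 **********************************************************************/
#include "k5-int.h"

#if HAVE_UNISTD_H
#include <unistd.h>
#endif

#include <db.h>
#include <stdio.h>
#include <errno.h>
#include <utime.h>
#include "kdb5.h"
#include "kdb_db2.h"
#include "kdb_xdr.h"
#include "policy_db.h"

/* Quick and dirty wrapper functions to provide for thread safety
   within the plugin, instead of making the kdb5 library do it.  Eventually
   these should be integrated into the real functions.

   Some of the functions wrapped here are also called directly from
   within this library (e.g., create calls open), so simply dropping
   locking code into the top and bottom of each referenced function
   won't do.  (We aren't doing recursive locks, currently.)

   Consequences of this design that a maintainer should keep in mind:

   - Every wrapper serializes on the single mutex below, so the whole
     plugin runs one wrapped operation at a time.
   - Because the lock is not taken recursively, code that runs while a
     wrapper holds the mutex must call the unwrapped krb5_db2_* function,
     never a wrap_* function.  NOTE(review): this presumably also applies
     to the callbacks handed to iterate and iter_policy, if those are
     invoked from inside the wrapped call -- confirm.
   - The wrappers use the mutex pointer without a NULL check, so they are
     only valid between a successful hack_init() and hack_cleanup(). */

/* Plugin-wide mutex; allocated in hack_init(), released in hack_cleanup().
   It has external linkage (presumably so other files of the plugin can
   reach it -- confirm). */
k5_mutex_t *krb5_db2_mutex;

/* Define "static TYPE wrap_NAME ARGLIST", which calls NAME ARGNAMES with
   krb5_db2_mutex held and returns its result.  Whatever k5_mutex_lock and
   k5_mutex_unlock return, if anything, is not inspected. */
#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES)                \
    static TYPE wrap_##NAME ARGLIST                     \
    {                                                   \
        TYPE result;                                    \
        k5_mutex_lock (krb5_db2_mutex);                 \
        result = NAME ARGNAMES;                         \
        k5_mutex_unlock (krb5_db2_mutex);               \
        return result;                                  \
    }                                                   \
    /* hack: decl to allow a following ";" */           \
    static TYPE wrap_##NAME ARGLIST

/* Two special cases: void (can't assign result), and krb5_error_code.
   As written here WRAP_K is only shorthand for WRAP with a
   krb5_error_code result; it does not turn a locking failure into a
   returned error code. */

#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)                \
    static void wrap_##NAME ARGLIST                     \
    {                                                   \
        k5_mutex_lock (krb5_db2_mutex);                 \
        NAME ARGNAMES;                                  \
        k5_mutex_unlock (krb5_db2_mutex);               \
    }                                                   \
    /* hack: decl to allow a following ";" */           \
    static void wrap_##NAME ARGLIST

#define WRAP_K(NAME,ARGLIST,ARGNAMES)                   \
    WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES)

/* Module lifetime and whole-database operations. */
WRAP_K (krb5_db2_open,
        (krb5_context kcontext,
         char *conf_section,
         char **db_args,
         int mode),
        (kcontext, conf_section, db_args, mode));
WRAP_K (krb5_db2_fini, (krb5_context ctx), (ctx));
WRAP_K (krb5_db2_create,
        (krb5_context kcontext, char *conf_section, char **db_args),
        (kcontext, conf_section, db_args));
WRAP_K (krb5_db2_destroy,
        (krb5_context kcontext, char *conf_section, char **db_args),
        (kcontext, conf_section, db_args));
WRAP_K (krb5_db2_get_age,
        (krb5_context ctx,
         char *s,
         time_t *t),
        (ctx, s, t));

/* NOTE(review): these presumably manage the database-level lock, which is
   separate from krb5_db2_mutex; the mutex is held only for the duration
   of each call, not between lock and unlock -- confirm. */
WRAP_K (krb5_db2_lock,
        (krb5_context context,
         int in_mode),
        (context, in_mode));
WRAP_K (krb5_db2_unlock, (krb5_context ctx), (ctx));

/* Principal entries. */
WRAP_K (krb5_db2_get_principal,
        (krb5_context ctx,
         krb5_const_principal p,
         unsigned int f,
         krb5_db_entry **d),
        (ctx, p, f, d));
WRAP_K (krb5_db2_put_principal,
        (krb5_context ctx,
         krb5_db_entry *d,
         char **db_args),
        (ctx, d, db_args));
WRAP_K (krb5_db2_delete_principal,
        (krb5_context context,
         krb5_const_principal searchfor),
        (context, searchfor));

/* The callback f is passed through to krb5_db2_iterate while the mutex is
   held by this wrapper. */
WRAP_K (krb5_db2_iterate,
        (krb5_context ctx, char *s,
         krb5_error_code (*f) (krb5_pointer,
                               krb5_db_entry *),
         krb5_pointer p, krb5_flags flags),
        (ctx, s, f, p, flags));

/* Policy entries. */
WRAP_K (krb5_db2_create_policy,
        (krb5_context context, osa_policy_ent_t entry),
        (context, entry));
WRAP_K (krb5_db2_get_policy,
        (krb5_context kcontext,
         char *name,
         osa_policy_ent_t *policy),
        (kcontext, name, policy));
WRAP_K (krb5_db2_put_policy,
        (krb5_context kcontext, osa_policy_ent_t policy),
        (kcontext, policy));
/* As with iterate, func is handed to the wrapped call under the mutex. */
WRAP_K (krb5_db2_iter_policy,
        (krb5_context kcontext,
         char *match_entry,
         osa_adb_iter_policy_func func,
         void *data),
        (kcontext, match_entry, func, data));
WRAP_K (krb5_db2_delete_policy,
        (krb5_context kcontext, char *policy),
        (kcontext, policy));

WRAP_K (krb5_db2_promote_db,
        (krb5_context kcontext, char *conf_section, char **db_args),
        (kcontext, conf_section, db_args));

/* AS-request policy check and audit hooks. */
WRAP_K (krb5_db2_check_policy_as,
        (krb5_context kcontext, krb5_kdc_req *request, krb5_db_entry *client,
         krb5_db_entry *server, krb5_timestamp kdc_time, const char **status,
         krb5_pa_data ***e_data),
        (kcontext, request, client, server, kdc_time, status, e_data));

WRAP_VOID (krb5_db2_audit_as_req,
           (krb5_context kcontext, krb5_kdc_req *request,
            const krb5_address *local_addr,
            const krb5_address *remote_addr,
            krb5_db_entry *client, krb5_db_entry *server,
            krb5_timestamp authtime, krb5_error_code error_code),
           (kcontext, request, local_addr, remote_addr, client, server,
            authtime, error_code));

/*
 * Library initialization: allocate the plugin-wide mutex, then run the
 * DB2 library initialization.
 *
 * Returns 0 on success, or the error from krb5int_mutex_alloc() or
 * krb5_db2_lib_init().  On failure no mutex is left allocated and
 * krb5_db2_mutex is NULL when the failure came from krb5_db2_lib_init().
 */
static krb5_error_code
hack_init (void)
{
    krb5_error_code c;

    c = krb5int_mutex_alloc (&krb5_db2_mutex);
    if (c)
        return c;
    c = krb5_db2_lib_init ();
    if (c) {
        /* Undo the allocation so a failed initialization does not leak the
           mutex.  NOTE(review): this assumes the caller does not use the
           wrappers after init_library fails -- confirm against kdb5. */
        krb5int_mutex_free (krb5_db2_mutex);
        krb5_db2_mutex = NULL;
    }
    return c;
}

/*
 * Library teardown: release the plugin-wide mutex and run the DB2 library
 * cleanup.  Returns the result of krb5_db2_lib_cleanup().
 */
static krb5_error_code
hack_cleanup (void)
{
    /* Tolerate a mutex that was never allocated or was already released,
       so that teardown after a failed hack_init() is harmless. */
    if (krb5_db2_mutex != NULL) {
        krb5int_mutex_free (krb5_db2_mutex);
        krb5_db2_mutex = NULL;
    }
    return krb5_db2_lib_cleanup();
}


/*
 * Exposed API
 *
 * The initializer is positional, so the entries must stay in the same
 * order as the members of kdb_vftabl.  Every DB2 entry point is exported
 * through its locking wrapper.  NOTE(review): a NULL slot presumably means
 * the kdb5 library falls back to a default or reports the operation as
 * unsupported -- confirm in kdb5.
 */

kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
    KRB5_KDB_DAL_MAJOR_VERSION,             /* major version number */
    0,                                      /* minor version number 0 */
    /* init_library */                  hack_init,
    /* fini_library */                  hack_cleanup,
    /* init_module */                   wrap_krb5_db2_open,
    /* fini_module */                   wrap_krb5_db2_fini,
    /* create */                        wrap_krb5_db2_create,
    /* destroy */                       wrap_krb5_db2_destroy,
    /* get_age */                       wrap_krb5_db2_get_age,
    /* lock */                          wrap_krb5_db2_lock,
    /* unlock */                        wrap_krb5_db2_unlock,
    /* get_principal */                 wrap_krb5_db2_get_principal,
    /* put_principal */                 wrap_krb5_db2_put_principal,
    /* delete_principal */              wrap_krb5_db2_delete_principal,
    /* rename_principal */              NULL,
    /* iterate */                       wrap_krb5_db2_iterate,
    /* create_policy */                 wrap_krb5_db2_create_policy,
    /* get_policy */                    wrap_krb5_db2_get_policy,
    /* put_policy */                    wrap_krb5_db2_put_policy,
    /* iter_policy */                   wrap_krb5_db2_iter_policy,
    /* delete_policy */                 wrap_krb5_db2_delete_policy,
    /* fetch_master_key */              NULL,
    /* fetch_master_key_list */         NULL,
    /* store_master_key_list */         NULL,
    /* dbe_search_enctype */            NULL,
    /* change_pwd */                    NULL,
    /* promote_db */                    wrap_krb5_db2_promote_db,
    /* decrypt_key_data */              NULL,
    /* encrypt_key_data */              NULL,
    /* check_transited_realms */        NULL,
    /* check_policy_as */               wrap_krb5_db2_check_policy_as,
    /* check_policy_tgs */              NULL,
    /* audit_as_req */                  wrap_krb5_db2_audit_as_req,
};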