1 /*
2  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 
7 /*
8  * Copyright 2006 by the Massachusetts Institute of Technology.
9  * All Rights Reserved.
10  *
11  * Export of this software from the United States of America may
12  *   require a specific license from the United States Government.
13  *   It is the responsibility of any person or organization contemplating
14  *   export to obtain such a license before exporting.
15  *
16  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
17  * distribute this software and its documentation for any purpose and
18  * without fee is hereby granted, provided that the above copyright
19  * notice appear in all copies and that both that copyright notice and
20  * this permission notice appear in supporting documentation, and that
21  * the name of M.I.T. not be used in advertising or publicity pertaining
22  * to distribution of the software without specific, written prior
23  * permission.  Furthermore if you modify this software you must label
24  * your software as modified software and not distribute it in such a
25  * fashion that it might be confused with the original M.I.T. software.
26  * M.I.T. makes no representations about the suitability of
27  * this software for any purpose.  It is provided "as is" without express
28  * or implied warranty.
29  */
30 
31 /**********************************************************************
32 *
33 *	C %name:		db2_exp.c %
34 *	Instance:		idc_sec_2
35 *	Description:
36 *	%created_by:	spradeep %
37 *	%date_created:	Tue Apr  5 11:44:00 2005 %
38 *
39 **********************************************************************/
#ifndef lint
/* Source-control identification string; compiled out when `lint` is defined. */
static char *_csrc =
    "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~5:csrc:idc_sec#2 %)";
#endif
43 
44 #include "k5-int.h"
45 
46 #if HAVE_UNISTD_H
47 #include <unistd.h>
48 #endif
49 
50 #include <db.h>
51 #include <stdio.h>
52 #include <errno.h>
53 #include <utime.h>
54 #include <kdb/kdb5.h>
55 #include "kdb_db2.h"
56 #include "kdb_xdr.h"
57 #include "policy_db.h"
58 
59 /* Quick and dirty wrapper functions to provide for thread safety
60    within the plugin, instead of making the kdb5 library do it.  Eventually
61    these should be integrated into the real functions.
62 
63    Some of the functions wrapped here are also called directly from
64    within this library (e.g., create calls open), so simply dropping
65    locking code into the top and bottom of each referenced function
66    won't do.  (We aren't doing recursive locks, currently.)  */
67 
/*
 * The one mutex taken by every wrap_*() function in this file.
 * hack_init() allocates it; hack_cleanup() frees it and resets it to NULL.
 */
static k5_mutex_t *krb5_db2_mutex = NULL;
69 
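/*
 * WRAP(NAME, TYPE, ARGLIST, ARGNAMES, ERROR_RESULT)
 *
 * Defines `static TYPE wrap_NAME ARGLIST`.  The wrapper takes
 * krb5_db2_mutex, calls NAME ARGNAMES, releases the mutex and returns the
 * value NAME produced.
 *
 * If k5_mutex_lock() returns non-zero, NAME is NOT called and the wrapper
 * returns ERROR_RESULT.  ERROR_RESULT is expanded inside the wrapper body,
 * so it may name the local `code` (the value k5_mutex_lock() returned).
 *
 * The return value of k5_mutex_unlock() is ignored.
 *
 * The expansion ends with a redeclaration of the wrapper so that an
 * invocation can be followed by ";".  The redeclaration repeats ARGLIST, so
 * it is a full prototype instead of an old-style "()" declarator, which
 * newer C dialects read as "takes no arguments".
 */
#define WRAP(NAME, TYPE, ARGLIST, ARGNAMES, ERROR_RESULT)   \
    static TYPE wrap_##NAME ARGLIST                         \
    {                                                       \
        TYPE result;                                        \
        int code = k5_mutex_lock (krb5_db2_mutex);          \
        if (code) { return ERROR_RESULT; }                  \
        result = NAME ARGNAMES;                             \
        k5_mutex_unlock (krb5_db2_mutex);                   \
        return result;                                      \
    }                                                       \
    /* redeclaration: lets the invocation end in ";" */     \
    static TYPE wrap_##NAME ARGLIST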
82 
83 /* Two special cases: void (can't assign result), and krb5_error_code
84    (return error from locking code).  */
85 
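/*
 * WRAP_VOID(NAME, ARGLIST, ARGNAMES)
 *
 * Defines `static void wrap_NAME ARGLIST`, which takes krb5_db2_mutex,
 * calls NAME ARGNAMES and releases the mutex.
 *
 * If k5_mutex_lock() returns non-zero the wrapper returns immediately:
 * NAME is NOT called and the caller gets no indication of that.  For the
 * free-style functions wrapped with this macro, the object passed in is
 * therefore left untouched on that path.
 *
 * The return value of k5_mutex_unlock() is ignored.
 *
 * The expansion ends with a redeclaration of the wrapper so that an
 * invocation can be followed by ";".  The redeclaration repeats ARGLIST, so
 * it is a full prototype instead of an old-style "()" declarator.
 */
#define WRAP_VOID(NAME, ARGLIST, ARGNAMES)                  \
    static void wrap_##NAME ARGLIST                         \
    {                                                       \
        int code = k5_mutex_lock (krb5_db2_mutex);          \
        if (code) { return; }                               \
        NAME ARGNAMES;                                      \
        k5_mutex_unlock (krb5_db2_mutex);                   \
    }                                                       \
    /* redeclaration: lets the invocation end in ";" */     \
    static void wrap_##NAME ARGLIST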
96 
/*
 * WRAP_K(NAME, ARGLIST, ARGNAMES): WRAP() for functions returning
 * krb5_error_code.  ERROR_RESULT is `code`, so a non-zero result from
 * k5_mutex_lock() becomes the wrapper's return value and NAME is not called.
 */
#define WRAP_K(NAME, ARGLIST, ARGNAMES) \
    WRAP(NAME, krb5_error_code, ARGLIST, ARGNAMES, code)
99 
/*
 * Mutex-guarded wrappers for module open/fini, database create/destroy,
 * age query and option setting.  Each WRAP_K() line defines a static
 * wrap_<name>() that forwards its arguments unchanged to <name>().
 */
WRAP_K(krb5_db2_open,
       (krb5_context kcontext, char *conf_section, char **db_args, int mode),
       (kcontext, conf_section, db_args, mode));
WRAP_K(krb5_db2_db_fini,
       (krb5_context ctx),
       (ctx));
WRAP_K(krb5_db2_create,
       (krb5_context kcontext, char *conf_section, char **db_args),
       (kcontext, conf_section, db_args));
WRAP_K(krb5_db2_destroy,
       (krb5_context kcontext, char *conf_section, char **db_args),
       (kcontext, conf_section, db_args));
WRAP_K(krb5_db2_db_get_age,
       (krb5_context ctx, char *s, time_t *t),
       (ctx, s, t));
WRAP_K(krb5_db2_db_set_option,
       (krb5_context kcontext, int option, void *value),
       (kcontext, option, value));

/*
 * Database lock/unlock.  krb5_db2_mutex is released before each wrapper
 * returns, so it is not held between wrap_krb5_db2_db_lock() and
 * wrap_krb5_db2_db_unlock(); it only serialises the two calls themselves.
 */
WRAP_K(krb5_db2_db_lock,
       (krb5_context context, int in_mode),
       (context, in_mode));
WRAP_K(krb5_db2_db_unlock,
       (krb5_context ctx),
       (ctx));
129 
/*
 * Mutex-guarded wrappers for the principal operations.  Arguments are
 * forwarded unchanged to the krb5_db2_db_*_principal() functions.
 */
WRAP_K(krb5_db2_db_get_principal,
       (krb5_context ctx, krb5_const_principal p, krb5_db_entry *d,
        int *i, krb5_boolean *b),
       (ctx, p, d, i, b));
WRAP_K(krb5_db2_db_free_principal,
       (krb5_context ctx, krb5_db_entry *d, int i),
       (ctx, d, i));
WRAP_K(krb5_db2_db_put_principal,
       (krb5_context ctx, krb5_db_entry *d, int *i, char **db_args),
       (ctx, d, i, db_args));
WRAP_K(krb5_db2_db_delete_principal,
       (krb5_context context, krb5_const_principal searchfor, int *nentries),
       (context, searchfor, nentries));

/* Solaris Kerberos: adding support for db_args */
/*
 * NOTE(review): if krb5_db2_db_iterate() calls f before it returns, f runs
 * with krb5_db2_mutex held.  The comment at the top of this file says the
 * locks are not recursive, so f would have to avoid re-entering any
 * wrap_*() entry point -- confirm against the iterate implementation.
 */
WRAP_K(krb5_db2_db_iterate,
       (krb5_context ctx, char *s,
        krb5_error_code (*f) (krb5_pointer, krb5_db_entry *),
        krb5_pointer p, char **db_args),
       (ctx, s, f, p, db_args));
162 
/*
 * Mutex-guarded wrappers for the policy operations.  Arguments are
 * forwarded unchanged to the krb5_db2_*_policy() functions.
 */
WRAP_K(krb5_db2_create_policy,
       (krb5_context context, osa_policy_ent_t entry),
       (context, entry));
WRAP_K(krb5_db2_get_policy,
       (krb5_context kcontext, char *name, osa_policy_ent_t *policy, int *cnt),
       (kcontext, name, policy, cnt));
WRAP_K(krb5_db2_put_policy,
       (krb5_context kcontext, osa_policy_ent_t policy),
       (kcontext, policy));
/*
 * NOTE(review): if krb5_db2_iter_policy() calls func before it returns,
 * func runs with krb5_db2_mutex held and, the locks not being recursive,
 * would have to avoid re-entering any wrap_*() entry point -- confirm.
 */
WRAP_K(krb5_db2_iter_policy,
       (krb5_context kcontext, char *match_entry,
        osa_adb_iter_policy_func func, void *data),
       (kcontext, match_entry, func, data));
WRAP_K(krb5_db2_delete_policy,
       (krb5_context kcontext, char *policy),
       (kcontext, policy));
/*
 * WRAP_VOID: when the mutex cannot be taken, krb5_db2_free_policy() is not
 * called and the caller is not told.
 */
WRAP_VOID(krb5_db2_free_policy,
          (krb5_context kcontext, osa_policy_ent_t entry),
          (kcontext, entry));
187 
/*
 * Allocation wrappers.  wrap_krb5_db2_alloc() returns NULL when the mutex
 * cannot be taken (ERROR_RESULT is NULL), without calling krb5_db2_alloc().
 * wrap_krb5_db2_free() is a WRAP_VOID wrapper: on the same failure it
 * returns without calling krb5_db2_free(), so ptr is not released.
 */
WRAP(krb5_db2_alloc, void *,
     (krb5_context kcontext, void *ptr, size_t size),
     (kcontext, ptr, size),
     NULL);
WRAP_VOID(krb5_db2_free,
          (krb5_context kcontext, void *ptr),
          (kcontext, ptr));

/*
 * Mutex-guarded wrappers for the master-key calls and for promote_db.
 * Arguments are forwarded unchanged.
 */
WRAP_K(krb5_db2_set_master_key_ext,
       (krb5_context kcontext, char *pwd, krb5_keyblock *key),
       (kcontext, pwd, key));
WRAP_K(krb5_db2_db_get_mkey,
       (krb5_context context, krb5_keyblock **key),
       (context, key));
WRAP_K(krb5_db2_promote_db,
       (krb5_context kcontext, char *conf_section, char **db_args),
       (kcontext, conf_section, db_args));
206 
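/*
 * Library-init hook installed in kdb_function_table: allocates the plugin
 * mutex, then runs krb5_db2_lib_init().
 *
 * Returns the error from krb5int_mutex_alloc() if that fails (in which case
 * krb5_db2_lib_init() is not called); otherwise returns whatever
 * krb5_db2_lib_init() returns.
 *
 * Declared with a (void) prototype, matching hack_cleanup().
 *
 * NOTE(review): when krb5_db2_lib_init() fails, krb5_db2_mutex stays
 * allocated.  Whether the loader still runs the fini hook after a failed
 * init is not visible in this file -- confirm before adding cleanup here.
 */
static krb5_error_code
hack_init (void)
{
    krb5_error_code c = krb5int_mutex_alloc (&krb5_db2_mutex);

    if (c) {
        return c;
    }
    return krb5_db2_lib_init ();
}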
216 
/*
 * Library-fini hook installed in kdb_function_table: frees the plugin mutex,
 * resets the pointer, then runs krb5_db2_lib_cleanup() and returns its
 * result.
 *
 * Once this has run, krb5_db2_mutex is NULL, so any wrap_*() call made
 * afterwards hands NULL to k5_mutex_lock().
 */
static krb5_error_code
hack_cleanup (void)
{
    krb5_error_code rc;

    /* The mutex goes first; the pointer is cleared so it cannot dangle. */
    krb5int_mutex_free (krb5_db2_mutex);
    krb5_db2_mutex = NULL;

    rc = krb5_db2_lib_cleanup ();
    return rc;
}
224 
225 
226 /*
227  *      Exposed API
228  */
229 
/*
 * Function table exported by the db2 plugin.  The initialiser is positional,
 * so the order of the entries below must match the layout of kdb_vftabl.
 * The slot labels are the ones given in the original comments; the struct
 * definition itself is not visible in this file.
 *
 * Most slots point at wrap_*() functions, which take krb5_db2_mutex around
 * the call.  Three slots point straight at krb5_db2_*() functions and so do
 * not take the mutex: db_get_principal_nolock, errcode_2_string and
 * release_errcode_string.
 */
kdb_vftabl kdb_function_table = {
    1,                                  /* major version number 1 */
    0,                                  /* minor version number 0 */
    /* Solaris Kerberos: iprop support */
    1,                                  /* iprop_supported, yes for db2 */
    hack_init,                          /* init_library */
    hack_cleanup,                       /* fini_library */
    wrap_krb5_db2_open,                 /* init_module */
    wrap_krb5_db2_db_fini,              /* fini_module */
    wrap_krb5_db2_create,               /* db_create */
    wrap_krb5_db2_destroy,              /* db_destroy */
    wrap_krb5_db2_db_get_age,           /* db_get_age */
    wrap_krb5_db2_db_set_option,        /* db_set_option */
    wrap_krb5_db2_db_lock,              /* db_lock */
    wrap_krb5_db2_db_unlock,            /* db_unlock */
    wrap_krb5_db2_db_get_principal,     /* db_get_principal */
    /* Solaris Kerberos: need a nolock for iprop */
    krb5_db2_db_get_principal,          /* db_get_principal_nolock: unwrapped,
                                           krb5_db2_mutex is not taken */
    wrap_krb5_db2_db_free_principal,    /* db_free_principal */
    wrap_krb5_db2_db_put_principal,     /* db_put_principal */
    wrap_krb5_db2_db_delete_principal,  /* db_delete_principal */
    wrap_krb5_db2_db_iterate,           /* db_iterate */
    wrap_krb5_db2_create_policy,        /* db_create_policy */
    wrap_krb5_db2_get_policy,           /* db_get_policy */
    wrap_krb5_db2_put_policy,           /* db_put_policy */
    wrap_krb5_db2_iter_policy,          /* db_iter_policy */
    wrap_krb5_db2_delete_policy,        /* db_delete_policy */
    wrap_krb5_db2_free_policy,          /* db_free_policy */
    NULL,                               /* db_supported_realms */
    NULL,                               /* db_free_supported_realms */
    krb5_db2_errcode_2_string,          /* errcode_2_string: unwrapped */
    krb5_db2_release_errcode_string,    /* release_errcode_string: unwrapped */
    wrap_krb5_db2_alloc,                /* db_alloc */
    wrap_krb5_db2_free,                 /* db_free */
    wrap_krb5_db2_set_master_key_ext,   /* set_master_key */
    wrap_krb5_db2_db_get_mkey,          /* get_master_key */
    /*
     * Six slots left as 0; the original comment here reads only
     * "blah blah blah".  TODO confirm which kdb_vftabl members these are.
     */
    0, 0, 0, 0, 0, 0,
    wrap_krb5_db2_promote_db,           /* promote_db */
};