2 * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "kadm5_locl.h"
39 kadm5_s_lock(void *server_handle
)
41 kadm5_server_context
*context
= server_handle
;
44 if (context
->keep_open
) {
46 * We open/close around every operation, but we retain the DB
47 * open if the DB was locked with a prior call to kadm5_lock(),
48 * so if it's open here that must be because the DB is locked.
50 heim_assert(context
->db
->lock_count
> 0,
51 "Internal error in tracking HDB locks");
52 return KADM5_ALREADY_LOCKED
;
55 ret
= context
->db
->hdb_open(context
->context
, context
->db
, O_RDWR
, 0);
59 ret
= context
->db
->hdb_lock(context
->context
, context
->db
, HDB_WLOCK
);
61 (void) context
->db
->hdb_close(context
->context
, context
->db
);
66 * Attempt to recover the log. This will generally fail on slaves,
67 * and we can't tell if we're on a slave here.
69 * Perhaps we could set a flag in the kadm5_server_context to
70 * indicate whether a read has been done without recovering the log,
71 * in which case we could fail any subsequent writes.
73 if (kadm5_log_init(context
) == 0)
74 (void) kadm5_log_end(context
);
76 context
->keep_open
= 1;
81 kadm5_s_unlock(void *server_handle
)
83 kadm5_server_context
*context
= server_handle
;
86 if (!context
->keep_open
)
87 return KADM5_NOT_LOCKED
;
89 context
->keep_open
= 0;
90 ret
= context
->db
->hdb_unlock(context
->context
, context
->db
);
91 (void) context
->db
->hdb_close(context
->context
, context
->db
);
96 set_funcs(kadm5_server_context
*c
)
98 #define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
99 SET(c
, chpass_principal
);
100 SET(c
, chpass_principal_with_key
);
101 SET(c
, create_principal
);
102 SET(c
, delete_principal
);
105 SET(c
, get_principal
);
106 SET(c
, get_principals
);
108 SET(c
, modify_principal
);
109 SET(c
, prune_principal
);
110 SET(c
, randkey_principal
);
111 SET(c
, rename_principal
);
114 SET(c
, setkey_principal_3
);
117 #ifndef NO_UNIX_SOCKETS
120 set_socket_name(krb5_context context
, struct sockaddr_un
*un
)
122 const char *fn
= kadm5_log_signal_socket(context
);
124 memset(un
, 0, sizeof(*un
));
125 un
->sun_family
= AF_UNIX
;
126 strlcpy (un
->sun_path
, fn
, sizeof(un
->sun_path
));
132 set_socket_info(krb5_context context
, struct addrinfo
**info
)
134 kadm5_log_signal_socket_info(context
, 0, info
);
140 find_db_spec(kadm5_server_context
*ctx
)
142 krb5_context context
= ctx
->context
;
143 struct hdb_dbinfo
*info
, *d
;
147 if (ctx
->config
.realm
) {
148 /* fetch the databases */
149 ret
= hdb_get_dbinfo(context
, &info
);
154 while ((d
= hdb_dbinfo_get_next(info
, d
)) != NULL
) {
155 const char *p
= hdb_dbinfo_get_realm(context
, d
);
157 /* match default (realm-less) */
158 if(p
!= NULL
&& strcmp(ctx
->config
.realm
, p
) != 0)
161 p
= hdb_dbinfo_get_dbname(context
, d
);
163 ctx
->config
.dbname
= strdup(p
);
164 if (ctx
->config
.dbname
== NULL
)
165 return krb5_enomem(context
);
168 p
= hdb_dbinfo_get_acl_file(context
, d
);
170 ctx
->config
.acl_file
= strdup(p
);
171 if (ctx
->config
.acl_file
== NULL
)
172 return krb5_enomem(context
);
175 p
= hdb_dbinfo_get_mkey_file(context
, d
);
177 ctx
->config
.stash_file
= strdup(p
);
178 if (ctx
->config
.stash_file
== NULL
)
179 return krb5_enomem(context
);
182 p
= hdb_dbinfo_get_log_file(context
, d
);
184 ctx
->log_context
.log_file
= strdup(p
);
185 if (ctx
->log_context
.log_file
== NULL
)
186 return krb5_enomem(context
);
190 hdb_free_dbinfo(context
, &info
);
193 /* If any of the values was unset, pick up the default value */
195 if (ctx
->config
.dbname
== NULL
) {
196 ctx
->config
.dbname
= strdup(hdb_default_db(context
));
197 if (ctx
->config
.dbname
== NULL
)
198 return krb5_enomem(context
);
200 if (ctx
->config
.acl_file
== NULL
) {
201 aret
= asprintf(&ctx
->config
.acl_file
, "%s/kadmind.acl",
202 hdb_db_dir(context
));
204 return krb5_enomem(context
);
206 if (ctx
->config
.stash_file
== NULL
) {
207 aret
= asprintf(&ctx
->config
.stash_file
, "%s/m-key",
208 hdb_db_dir(context
));
210 return krb5_enomem(context
);
212 if (ctx
->log_context
.log_file
== NULL
) {
213 aret
= asprintf(&ctx
->log_context
.log_file
, "%s/log",
214 hdb_db_dir(context
));
216 return krb5_enomem(context
);
219 #ifndef NO_UNIX_SOCKETS
220 set_socket_name(context
, &ctx
->log_context
.socket_name
);
222 set_socket_info(context
, &ctx
->log_context
.socket_info
);
229 _kadm5_s_init_context(kadm5_server_context
**ctx
,
230 kadm5_config_params
*params
,
231 krb5_context context
)
235 *ctx
= calloc(1, sizeof(**ctx
));
237 return krb5_enomem(context
);
238 (*ctx
)->log_context
.socket_fd
= rk_INVALID_SOCKET
;
241 (*ctx
)->context
= context
;
242 krb5_add_et_list (context
, initialize_kadm5_error_table_r
);
244 #define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
246 (*ctx
)->config
.realm
= strdup(params
->realm
);
247 if ((*ctx
)->config
.realm
== NULL
)
248 return krb5_enomem(context
);
250 ret
= krb5_get_default_realm(context
, &(*ctx
)->config
.realm
);
254 if (is_set(DBNAME
)) {
255 (*ctx
)->config
.dbname
= strdup(params
->dbname
);
256 if ((*ctx
)->config
.dbname
== NULL
)
257 return krb5_enomem(context
);
259 if (is_set(ACL_FILE
)) {
260 (*ctx
)->config
.acl_file
= strdup(params
->acl_file
);
261 if ((*ctx
)->config
.acl_file
== NULL
)
262 return krb5_enomem(context
);
264 if (is_set(STASH_FILE
)) {
265 (*ctx
)->config
.stash_file
= strdup(params
->stash_file
);
266 if ((*ctx
)->config
.stash_file
== NULL
)
267 return krb5_enomem(context
);
272 ret
= _kadm5_s_init_hooks(*ctx
);
274 kadm5_s_destroy(*ctx
);
279 /* PROFILE can't be specified for now */
280 /* KADMIND_PORT is supposed to be used on the server also,
281 but this doesn't make sense */
282 /* ADMIN_SERVER is client only */
283 /* ADNAME is not used at all (as far as I can tell) */
284 /* ADB_LOCKFILE ditto */
287 /* MKEY_FROM_KEYBOARD is not supported */
288 /* MKEY_NAME neither */
300 _kadm5_s_get_db(void *server_handle
)
302 kadm5_server_context
*context
= server_handle
;