third_party/heimdal/lib/kadm5/context_s.c

   1 /*
   2  * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "kadm5_locl.h"
  35
  36 RCSID("$Id$");
  37
  38 static kadm5_ret_t
  39 kadm5_s_lock(void *server_handle)
  40 {
  41     kadm5_server_context *context = server_handle;
  42     kadm5_ret_t ret;
  43
  44     if (context->keep_open) {
  45         /*
  46          * We open/close around every operation, but we retain the DB
  47          * open if the DB was locked with a prior call to kadm5_lock(),
  48          * so if it's open here that must be because the DB is locked.
  49          */
  50         heim_assert(context->db->lock_count > 0,
  51                     "Internal error in tracking HDB locks");
  52         return KADM5_ALREADY_LOCKED;
  53     }
  54
  55     ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
  56     if (ret)
  57         return ret;
  58
  59     ret = context->db->hdb_lock(context->context, context->db, HDB_WLOCK);
  60     if (ret) {
  61         (void) context->db->hdb_close(context->context, context->db);
  62         return ret;
  63     }
  64
  65     /*
  66      * Attempt to recover the log.  This will generally fail on slaves,
  67      * and we can't tell if we're on a slave here.
  68      *
  69      * Perhaps we could set a flag in the kadm5_server_context to
  70      * indicate whether a read has been done without recovering the log,
  71      * in which case we could fail any subsequent writes.
  72      */
  73     if (kadm5_log_init(context) == 0)
  74         (void) kadm5_log_end(context);
  75
  76     context->keep_open = 1;
  77     return 0;
  78 }
  79
  80 static kadm5_ret_t
  81 kadm5_s_unlock(void *server_handle)
  82 {
  83     kadm5_server_context *context = server_handle;
  84     kadm5_ret_t ret;
  85
  86     if (!context->keep_open)
  87         return KADM5_NOT_LOCKED;
  88
  89     context->keep_open = 0;
  90     ret = context->db->hdb_unlock(context->context, context->db);
  91     (void) context->db->hdb_close(context->context, context->db);
  92     return ret;
  93 }
  94
  95 static void
  96 set_funcs(kadm5_server_context *c)
  97 {
  98 #define SET(C, F) (C)->funcs.F = kadm5_s_ ## F
  99     SET(c, chpass_principal);
 100     SET(c, chpass_principal_with_key);
 101     SET(c, create_principal);
 102     SET(c, delete_principal);
 103     SET(c, destroy);
 104     SET(c, flush);
 105     SET(c, get_principal);
 106     SET(c, get_principals);
 107     SET(c, get_privs);
 108     SET(c, modify_principal);
 109     SET(c, prune_principal);
 110     SET(c, randkey_principal);
 111     SET(c, rename_principal);
 112     SET(c, lock);
 113     SET(c, unlock);
 114     SET(c, setkey_principal_3);
 115 }
 116
 117 #ifndef NO_UNIX_SOCKETS
 118
 119 static void
 120 set_socket_name(krb5_context context, struct sockaddr_un *un)
 121 {
 122     const char *fn = kadm5_log_signal_socket(context);
 123
 124     memset(un, 0, sizeof(*un));
 125     un->sun_family = AF_UNIX;
 126     strlcpy (un->sun_path, fn, sizeof(un->sun_path));
 127
 128 }
 129 #else
 130
 131 static void
 132 set_socket_info(krb5_context context, struct addrinfo **info)
 133 {
 134     kadm5_log_signal_socket_info(context, 0, info);
 135 }
 136
 137 #endif
 138
 139 static kadm5_ret_t
 140 find_db_spec(kadm5_server_context *ctx)
 141 {
 142     krb5_context context = ctx->context;
 143     struct hdb_dbinfo *info, *d;
 144     krb5_error_code ret;
 145     int aret;
 146
 147     if (ctx->config.realm) {
 148         /* fetch the databases */
 149         ret = hdb_get_dbinfo(context, &info);
 150         if (ret)
 151             return ret;
 152
 153         d = NULL;
 154         while ((d = hdb_dbinfo_get_next(info, d)) != NULL) {
 155             const char *p = hdb_dbinfo_get_realm(context, d);
 156
 157             /* match default (realm-less) */
 158             if(p != NULL && strcmp(ctx->config.realm, p) != 0)
 159                 continue;
 160
 161             p = hdb_dbinfo_get_dbname(context, d);
 162             if (p) {
 163                 ctx->config.dbname = strdup(p);
 164                 if (ctx->config.dbname == NULL)
 165                     return krb5_enomem(context);
 166             }
 167
 168             p = hdb_dbinfo_get_acl_file(context, d);
 169             if (p) {
 170                 ctx->config.acl_file = strdup(p);
 171                 if (ctx->config.acl_file == NULL)
 172                     return krb5_enomem(context);
 173             }
 174
 175             p = hdb_dbinfo_get_mkey_file(context, d);
 176             if (p) {
 177                 ctx->config.stash_file = strdup(p);
 178                 if (ctx->config.stash_file == NULL)
 179                     return krb5_enomem(context);
 180             }
 181
 182             p = hdb_dbinfo_get_log_file(context, d);
 183             if (p) {
 184                 ctx->log_context.log_file = strdup(p);
 185                 if (ctx->log_context.log_file == NULL)
 186                     return krb5_enomem(context);
 187             }
 188             break;
 189         }
 190         hdb_free_dbinfo(context, &info);
 191     }
 192
 193     /* If any of the values was unset, pick up the default value */
 194
 195     if (ctx->config.dbname == NULL) {
 196         ctx->config.dbname = strdup(hdb_default_db(context));
 197         if (ctx->config.dbname == NULL)
 198             return krb5_enomem(context);
 199     }
 200     if (ctx->config.acl_file == NULL) {
 201         aret = asprintf(&ctx->config.acl_file, "%s/kadmind.acl",
 202                         hdb_db_dir(context));
 203         if (aret == -1)
 204             return krb5_enomem(context);
 205     }
 206     if (ctx->config.stash_file == NULL) {
 207         aret = asprintf(&ctx->config.stash_file, "%s/m-key",
 208                         hdb_db_dir(context));
 209         if (aret == -1)
 210             return krb5_enomem(context);
 211     }
 212     if (ctx->log_context.log_file == NULL) {
 213         aret = asprintf(&ctx->log_context.log_file, "%s/log",
 214                         hdb_db_dir(context));
 215         if (aret == -1)
 216             return krb5_enomem(context);
 217     }
 218
 219 #ifndef NO_UNIX_SOCKETS
 220     set_socket_name(context, &ctx->log_context.socket_name);
 221 #else
 222     set_socket_info(context, &ctx->log_context.socket_info);
 223 #endif
 224
 225     return 0;
 226 }
 227
 228 kadm5_ret_t
 229 _kadm5_s_init_context(kadm5_server_context **ctx,
 230                       kadm5_config_params *params,
 231                       krb5_context context)
 232 {
 233     kadm5_ret_t ret = 0;
 234
 235     *ctx = calloc(1, sizeof(**ctx));
 236     if (*ctx == NULL)
 237         return krb5_enomem(context);
 238     (*ctx)->log_context.socket_fd = rk_INVALID_SOCKET;
 239
 240     set_funcs(*ctx);
 241     (*ctx)->context = context;
 242     krb5_add_et_list (context, initialize_kadm5_error_table_r);
 243
 244 #define is_set(M) (params && params->mask & KADM5_CONFIG_ ## M)
 245     if (is_set(REALM)) {
 246         (*ctx)->config.realm = strdup(params->realm);
 247         if ((*ctx)->config.realm == NULL)
 248             return krb5_enomem(context);
 249     } else {
 250         ret = krb5_get_default_realm(context, &(*ctx)->config.realm);
 251         if (ret)
 252             return ret;
 253     }
 254     if (is_set(DBNAME)) {
 255         (*ctx)->config.dbname = strdup(params->dbname);
 256         if ((*ctx)->config.dbname == NULL)
 257             return krb5_enomem(context);
 258     }
 259     if (is_set(ACL_FILE)) {
 260         (*ctx)->config.acl_file = strdup(params->acl_file);
 261         if ((*ctx)->config.acl_file == NULL)
 262             return krb5_enomem(context);
 263     }
 264     if (is_set(STASH_FILE)) {
 265         (*ctx)->config.stash_file = strdup(params->stash_file);
 266         if ((*ctx)->config.stash_file == NULL)
 267             return krb5_enomem(context);
 268     }
 269
 270     find_db_spec(*ctx);
 271
 272     ret = _kadm5_s_init_hooks(*ctx);
 273     if (ret != 0) {
 274         kadm5_s_destroy(*ctx);
 275         *ctx = NULL;
 276         return ret;
 277     }
 278
 279     /* PROFILE can't be specified for now */
 280     /* KADMIND_PORT is supposed to be used on the server also,
 281        but this doesn't make sense */
 282     /* ADMIN_SERVER is client only */
 283     /* ADNAME is not used at all (as far as I can tell) */
 284     /* ADB_LOCKFILE ditto */
 285     /* DICT_FILE */
 286     /* ADMIN_KEYTAB */
 287     /* MKEY_FROM_KEYBOARD is not supported */
 288     /* MKEY_NAME neither */
 289     /* ENCTYPE */
 290     /* MAX_LIFE */
 291     /* MAX_RLIFE */
 292     /* EXPIRATION */
 293     /* FLAGS */
 294     /* ENCTYPES */
 295
 296     return 0;
 297 }
 298
 299 HDB *
 300 _kadm5_s_get_db(void *server_handle)
 301 {
 302     kadm5_server_context *context = server_handle;
 303     return context->db;
 304 }