10Sstevel@tonic-gate /*
26426Smp153739 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
30Sstevel@tonic-gate * Use is subject to license terms.
40Sstevel@tonic-gate */
50Sstevel@tonic-gate
60Sstevel@tonic-gate
70Sstevel@tonic-gate /*
80Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
90Sstevel@tonic-gate *
100Sstevel@tonic-gate * Openvision retains the copyright to derivative works of
110Sstevel@tonic-gate * this source code. Do *NOT* create a derivative of this
120Sstevel@tonic-gate * source code before consulting with your legal department.
130Sstevel@tonic-gate * Do *NOT* integrate *ANY* of this source code into another
140Sstevel@tonic-gate * product before consulting with your legal department.
150Sstevel@tonic-gate *
160Sstevel@tonic-gate * For further information, read the top-level Openvision
170Sstevel@tonic-gate * copyright which is contained in the top-level MIT Kerberos
180Sstevel@tonic-gate * copyright.
190Sstevel@tonic-gate *
200Sstevel@tonic-gate * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
210Sstevel@tonic-gate *
220Sstevel@tonic-gate */
230Sstevel@tonic-gate
240Sstevel@tonic-gate
250Sstevel@tonic-gate /*
260Sstevel@tonic-gate * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
270Sstevel@tonic-gate *
28*7934SMark.Phalan@Sun.COM * $Id: server_init.c 18584 2006-09-13 20:30:23Z raeburn $
29*7934SMark.Phalan@Sun.COM * $Source$
300Sstevel@tonic-gate */
310Sstevel@tonic-gate
320Sstevel@tonic-gate #if !defined(lint) && !defined(__CODECENTER__)
332881Smp153739 static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $";
340Sstevel@tonic-gate #endif
350Sstevel@tonic-gate
360Sstevel@tonic-gate #include <stdio.h>
370Sstevel@tonic-gate #include <stdlib.h>
38*7934SMark.Phalan@Sun.COM #include <errno.h>
390Sstevel@tonic-gate #include <com_err.h>
40*7934SMark.Phalan@Sun.COM #include "k5-int.h" /* needed for gssapiP_krb5.h */
410Sstevel@tonic-gate #include <kadm5/admin.h>
420Sstevel@tonic-gate #include <krb5.h>
430Sstevel@tonic-gate #include "server_internal.h"
440Sstevel@tonic-gate #include <kdb/kdb_log.h>
450Sstevel@tonic-gate
/*
 * Function check_handle
 *
 * Purpose: Check a server handle and return a com_err code if it is
 * invalid or 0 if it is valid.
 *
 * Arguments:
 *
 * handle The server handle.
 */
560Sstevel@tonic-gate
static int check_handle(void *handle)
{
    /*
     * CHECK_HANDLE is a macro supplied by the kadm5 server headers.
     * NOTE(review): it presumably returns an error code from this
     * function when validation fails; reaching the statement below
     * therefore means the handle passed every check. Confirm against
     * the macro definition.
     */
    CHECK_HANDLE(handle);

    return 0;
}
620Sstevel@tonic-gate
/*
 * Function dup_db_args
 *
 * Purpose: Store a private, NULL-terminated deep copy of db_args in
 * handle->db_args.
 *
 * Arguments:
 *
 * handle   The server handle receiving the copy.
 * db_args  NULL, or a NULL-terminated vector of strings.
 *
 * Returns 0 on success (handle->db_args is NULL when the input is NULL
 * or empty) or ENOMEM when an allocation fails; on failure every
 * partial allocation is released and handle->db_args is reset to NULL.
 */
static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
{
    int n_args = 0;
    int i;

    /* Count the entries; a NULL vector is treated like an empty one. */
    if (db_args != NULL) {
        while (db_args[n_args] != NULL)
            n_args++;
    }

    if (n_args == 0) {
        handle->db_args = NULL;
        return 0;
    }

    /* One extra zeroed slot acts as the NULL terminator. */
    handle->db_args = calloc(sizeof(char *), n_args + 1);
    if (handle->db_args == NULL)
        return ENOMEM;

    for (i = 0; i < n_args; i++) {
        handle->db_args[i] = strdup(db_args[i]);
        if (handle->db_args[i] != NULL)
            continue;

        /*
         * The array came from calloc, so the slot that just failed is
         * still NULL and stops the unwind loop at the right place.
         */
        for (i = 0; handle->db_args[i] != NULL; i++)
            free(handle->db_args[i]);
        free(handle->db_args);
        handle->db_args = NULL;
        return ENOMEM;
    }

    return 0;
}
984960Swillf
/*
 * Function free_db_args
 *
 * Purpose: Release the argument vector owned by the handle (each
 * string, then the array) and reset handle->db_args to NULL so that a
 * second call is a no-op.
 *
 * Arguments:
 *
 * handle   The server handle whose db_args are released.
 */
static void free_db_args(kadm5_server_handle_t handle)
{
    char **arg;

    if (handle->db_args == NULL)
        return;

    for (arg = handle->db_args; *arg != NULL; arg++)
        free(*arg);

    free(handle->db_args);
    handle->db_args = NULL;
}
1104960Swillf
/*
 * Function kadm5_init_with_password
 *
 * Purpose: Thin wrapper that forwards every argument, unchanged, to
 * kadm5_init and returns its result.
 *
 * Note: for KADM5_API_VERSION_1 callers, kadm5_init2 in this file
 * treats a NULL or empty pass as "read the master key from the
 * keyboard".
 */
kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle)
{
    kadm5_ret_t status;

    status = kadm5_init(client_name, pass, service_name, params,
                        struct_version, api_version, db_args,
                        server_handle);
    return status;
}
1230Sstevel@tonic-gate
/*
 * Function kadm5_init_with_creds
 *
 * Purpose: Initialize a server handle for a caller that must never be
 * prompted. The ccache argument is accepted but not used by this
 * function.
 *
 * Returns KADM5_BAD_SERVER_PARAMS when a KADM5_API_VERSION_2 caller
 * asks for the master key to come from the keyboard; otherwise the
 * result of kadm5_init.
 */
kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  krb5_ccache ccache,
                                  char *service_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
                                  char **db_args,
                                  void **server_handle)
{
    int wants_kbd_mkey;

    /*
     * A program calling init_with_creds *never* expects to prompt the
     * user, so a version 2 request with MKEY_FROM_KBD set is refused.
     */
    wants_kbd_mkey = (api_version == KADM5_API_VERSION_2 && params &&
                      (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
                      params->mkey_from_kbd);
    if (wants_kbd_mkey)
        return KADM5_BAD_SERVER_PARAMS;

    /*
     * NOTE(review): the original comment here says a dummy password is
     * always passed for KADM5_API_VERSION_1, but the value passed is
     * NULL. kadm5_init2 in this file maps a NULL or empty pass to
     * from_keyboard = true for version 1, which is the opposite of the
     * "never prompt" intent. Confirm which behavior is wanted before
     * relying on this entry point with a version 1 caller.
     */
    return kadm5_init(client_name, NULL, service_name, params,
                      struct_version, api_version, db_args,
                      server_handle);
}
1470Sstevel@tonic-gate
1480Sstevel@tonic-gate
/*
 * Function kadm5_init_with_skey
 *
 * Purpose: Initialize a server handle for a caller that must never be
 * prompted. The keytab argument is accepted but not used by this
 * function.
 *
 * Returns KADM5_BAD_SERVER_PARAMS when a KADM5_API_VERSION_2 caller
 * asks for the master key to come from the keyboard; otherwise the
 * result of kadm5_init.
 */
kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle)
{
    int wants_kbd_mkey;

    /*
     * A program calling init_with_skey *never* expects to prompt the
     * user, so a version 2 request with MKEY_FROM_KBD set is refused.
     */
    wants_kbd_mkey = (api_version == KADM5_API_VERSION_2 && params &&
                      (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
                      params->mkey_from_kbd);
    if (wants_kbd_mkey)
        return KADM5_BAD_SERVER_PARAMS;

    /*
     * NOTE(review): the original comment here says a dummy password is
     * always passed for KADM5_API_VERSION_1, but the value passed is
     * NULL. kadm5_init2 in this file maps a NULL or empty pass to
     * from_keyboard = true for version 1, which is the opposite of the
     * "never prompt" intent. Confirm which behavior is wanted before
     * relying on this entry point with a version 1 caller.
     */
    return kadm5_init(client_name, NULL, service_name, params,
                      struct_version, api_version, db_args,
                      server_handle);
}
1710Sstevel@tonic-gate
/*
 * Solaris Kerberos:
 * A private extended version of kadm5_init which potentially
 * returns more information in case of an error.
 */
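/*
 * Function kadm5_init2
 *
 * Purpose: Allocate and initialize a kadm5 server handle: copy db_args,
 * create the KDC context, load configuration, open the database, parse
 * the caller principal, and initialize the master key, history key and
 * password dictionary.
 *
 * Arguments:
 *
 * client_name     Principal name of the caller; must not be NULL.
 * pass            Only consulted for KADM5_API_VERSION_1: NULL or ""
 *                 selects reading the master key from the keyboard.
 * service_name    Not used by this function.
 * params_in       Version 2: configuration overrides. Version 1: the
 *                 realm string (may be NULL), passed through this
 *                 pointer.
 * struct_version  Recorded in the handle and checked.
 * api_version     Recorded in the handle and checked.
 * db_args         NULL or a NULL-terminated vector; copied into the
 *                 handle and also passed to krb5_db_open.
 * server_handle   Receives the new handle on success; must not be NULL.
 * emsg            Optional. Set to NULL on entry; if krb5_db_open
 *                 fails it receives a strdup'ed error message (or NULL
 *                 if that allocation fails) which the caller frees.
 *
 * Returns KADM5_OK on success, EINVAL/ENOMEM, or the error from the
 * failing step. On every failure handled below, everything acquired so
 * far is released, including the caller principal and the lhandle copy,
 * which the earlier inline cleanup sequences did not release on all
 * paths.
 */
kadm5_ret_t kadm5_init2(char *client_name, char *pass,
                        char *service_name,
                        kadm5_config_params *params_in,
                        krb5_ui_4 struct_version,
                        krb5_ui_4 api_version,
                        char **db_args,
                        void **server_handle,
                        char **emsg)
{
    kadm5_ret_t ret;
    kadm5_server_handle_t handle;
    kadm5_config_params params_local; /* for v1 compat */

    if (emsg)
        *emsg = NULL;

    if (!server_handle)
        return EINVAL;

    if (!client_name)
        return EINVAL;

    /* Zeroed so that unset pointer fields are NULL during cleanup. */
    handle = calloc(1, sizeof(*handle));
    if (handle == NULL)
        return ENOMEM;

    /* dup_db_args leaves handle->db_args NULL when it fails. */
    ret = dup_db_args(handle, db_args);
    if (ret)
        goto err_handle;

    ret = krb5int_init_context_kdc(&(handle->context));
    if (ret)
        goto err_db_args;

    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
    handle->struct_version = struct_version;
    handle->api_version = api_version;

    /*
     * Verify the version numbers before proceeding; we can't use
     * CHECK_HANDLE because not all fields are set yet.
     *
     * NOTE(review): if this macro returns directly on a bad version
     * (as CHECK_HANDLE appears to in check_handle), the handle, its
     * context and its db_args are not released on that path. Confirm
     * against the macro definition.
     */
    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
                         KADM5_NEW_SERVER_API_VERSION);

    /*
     * Acquire relevant profile entries. In version 2, merge values
     * in params_in with values from profile, based on
     * params_in->mask.
     *
     * In version 1, we've given a realm (which may be NULL) instead
     * of params_in. So use that realm, make params_in contain an
     * empty mask, and behave like version 2.
     */
    memset((char *) &params_local, 0, sizeof(params_local));
    if (api_version == KADM5_API_VERSION_1) {
        params_local.realm = (char *) params_in;
        if (params_in)
            params_local.mask = KADM5_CONFIG_REALM;
        params_in = &params_local;
    }

#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
         expect to see admin_server being set sometimes. */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
    if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
        ret = KADM5_BAD_SERVER_PARAMS;
        goto err_context;
    }
#endif

    ret = kadm5_get_config_params(handle->context, 1, params_in,
                                  &handle->params);
    if (ret)
        goto err_context;

#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
                         KADM5_CONFIG_ADBNAME | \
                         KADM5_CONFIG_ADB_LOCKFILE | \
                         KADM5_CONFIG_ENCTYPE | \
                         KADM5_CONFIG_FLAGS | \
                         KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
                         KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)

    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
        ret = KADM5_MISSING_CONF_PARAMS;
        goto err_params;
    }

    ret = krb5_set_default_realm(handle->context, handle->params.realm);
    if (ret)
        goto err_params;

    ret = krb5_db_open(handle->context, db_args,
                       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
    if (ret) {
        if (emsg) {
            const char *m = krb5_get_error_message(handle->context,
                                                   (krb5_error_code) ret);

            /* *emsg stays NULL if no message or no memory is available. */
            if (m != NULL) {
                *emsg = strdup(m);
                krb5_free_error_message(handle->context, m);
            }
        }
        goto err_params;
    }

    ret = krb5_parse_name(handle->context, client_name,
                          &handle->current_caller);
    if (ret)
        goto err_db;

    handle->lhandle = malloc(sizeof(*handle));
    if (handle->lhandle == NULL) {
        ret = ENOMEM;
        goto err_caller;
    }
    /* lhandle is a version-2 view of this handle that points at itself. */
    *handle->lhandle = *handle;
    handle->lhandle->api_version = KADM5_API_VERSION_2;
    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
    handle->lhandle->lhandle = handle->lhandle;

    /* can't check the handle until current_caller is set */
    ret = check_handle((void *) handle);
    if (ret)
        goto err_lhandle;

    /*
     * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
     * or an empty string, reads the master password from [the stash
     * file]. Otherwise, the non-NULL password is ignored and the
     * user is prompted for it via the tty." However, the code was
     * implemented the other way: when a non-NULL password was
     * provided, the stash file was used. This is somewhat more
     * sensible, as then a local or remote client that provides a
     * password does not prompt the user. This code maintains the
     * previous actual behavior, and not the old spec behavior,
     * because that is how the unit tests are written.
     *
     * In KADM5_API_VERSION_2, this decision is controlled by
     * params.
     *
     * kdb_init_master's third argument is "from_keyboard".
     */
    /*
     * Solaris Kerberos: Setting to an unknown enc type will make the function
     * read the encryption type in the stash file instead of assuming that it
     * is the default type.
     */
    if (handle->params.enctype == DEFAULT_KDC_ENCTYPE)
        handle->params.enctype = ENCTYPE_UNKNOWN;
    ret = kdb_init_master(handle, handle->params.realm,
                          (handle->api_version == KADM5_API_VERSION_1 ?
                           ((pass == NULL) || !(strlen(pass))) :
                           ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
                            && handle->params.mkey_from_kbd)));
    if (ret)
        goto err_lhandle;

    /*
     * Solaris Kerberos: We used the enc type that was discovered in the stash
     * file to associate with the other magic principals in the database.
     */
    handle->params.enctype = handle->master_keyblock.enctype;

    /*
     * NOTE(review): from here on handle->master_keyblock presumably
     * holds master key material. The failure paths below free the
     * handle without visibly scrubbing it; confirm whether the key
     * contents are released and zeroized elsewhere.
     */
    ret = kdb_init_hist(handle, handle->params.realm);
    if (ret)
        goto err_lhandle;

    ret = init_dict(&handle->params);
    if (ret)
        goto err_lhandle;

    *server_handle = (void *) handle;

    return KADM5_OK;

    /* Staged unwind: each label releases one resource, newest first. */
err_lhandle:
    free(handle->lhandle);
err_caller:
    krb5_free_principal(handle->context, handle->current_caller);
err_db:
    krb5_db_fini(handle->context);
err_params:
    kadm5_free_config_params(handle->context, &handle->params);
err_context:
    krb5_free_context(handle->context);
err_db_args:
    free_db_args(handle);
err_handle:
    free(handle);
    return ret;
}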
4070Sstevel@tonic-gate
/*
 * Function kadm5_init
 *
 * Purpose: Public entry point that calls kadm5_init2 with a NULL emsg,
 * so no extended error message is returned to the caller.
 */
kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       char *service_name,
                       kadm5_config_params *params_in,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
                       char **db_args,
                       void **server_handle)
{
    kadm5_ret_t status;

    status = kadm5_init2(client_name, pass, service_name, params_in,
                         struct_version, api_version, db_args,
                         server_handle, NULL);
    return status;
}
4196426Smp153739
/*
 * Function kadm5_destroy
 *
 * Purpose: Validate the handle, then release everything it owns (the
 * password dictionary, policy database, KDB connection, caller
 * principal, configuration, krb5 context, lhandle copy and db_args)
 * and finally the handle itself.
 *
 * Returns KADM5_OK once the handle has been released. The pointer must
 * not be used again afterwards.
 */
kadm5_ret_t kadm5_destroy(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    krb5_context ctx;

    CHECK_HANDLE(server_handle);

    destroy_dict();
    adb_policy_close(handle);

    /* The context is released last among the krb5 resources below. */
    ctx = handle->context;
    krb5_db_fini(ctx);
    krb5_free_principal(ctx, handle->current_caller);
    kadm5_free_config_params(ctx, &handle->params);
    krb5_free_context(ctx);

    /*
     * Clear the magic number before freeing.
     * NOTE(review): presumably so that a stale pointer fails
     * CHECK_HANDLE; that is best-effort only, since the memory is
     * freed immediately afterwards. The handle's master_keyblock is
     * not visibly scrubbed here; confirm where key material is
     * released and zeroized.
     */
    handle->magic_number = 0;
    free(handle->lhandle);
    free_db_args(handle);
    free(handle);

    return KADM5_OK;
}
4400Sstevel@tonic-gate
/*
 * Function kadm5_lock
 *
 * Purpose: Validate the handle and take an exclusive lock on the
 * database through krb5_db_lock.
 *
 * Returns KADM5_OK on success, otherwise the krb5_db_lock error.
 */
kadm5_ret_t kadm5_lock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
    return ret ? ret : KADM5_OK;
}
4532881Smp153739
/*
 * Function kadm5_unlock
 *
 * Purpose: Validate the handle and release the database lock through
 * krb5_db_unlock.
 *
 * Returns KADM5_OK on success, otherwise the krb5_db_unlock error.
 */
kadm5_ret_t kadm5_unlock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_unlock(handle->context);
    return ret ? ret : KADM5_OK;
}
4662881Smp153739
/*
 * Function kadm5_flush
 *
 * Purpose: Close and reopen the KDB (using the handle's own copy of
 * db_args), then close and re-initialize the policy database. The
 * steps run in that order and stop at the first failure.
 *
 * Returns KADM5_OK on success. On any failure the handle is destroyed
 * with kadm5_destroy before the error is returned, so the caller must
 * not use or destroy server_handle again after a failed flush.
 */
kadm5_ret_t kadm5_flush(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_fini(handle->context);
    if (!ret)
        ret = krb5_db_open(handle->context, handle->db_args,
                           KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
    if (!ret)
        ret = adb_policy_close(handle);
    if (!ret)
        ret = adb_policy_init(handle);

    if (ret) {
        /* The handle is no longer usable; tear it down entirely. */
        (void) kadm5_destroy(server_handle);
        return ret;
    }

    return KADM5_OK;
}
4840Sstevel@tonic-gate
/*
 * Function _kadm5_check_handle
 *
 * Purpose: Externally visible wrapper around the CHECK_HANDLE macro.
 * Returns 0 when the macro lets execution continue.
 */
int _kadm5_check_handle(void *handle)
{
    /*
     * NOTE(review): CHECK_HANDLE presumably returns an error code from
     * this function for an invalid handle; confirm against the macro.
     */
    CHECK_HANDLE(handle);

    return 0;
}
4900Sstevel@tonic-gate
4914960Swillf #include "gssapiP_krb5.h"
/*
 * Function kadm5_init_krb5_context
 *
 * Purpose: Create a krb5 context for KDC-side use by delegating to
 * krb5int_init_context_kdc, and return its result.
 *
 * Arguments:
 *
 * ctx  Receives the new context.
 */
krb5_error_code kadm5_init_krb5_context(krb5_context *ctx)
{
    /* Solaris Kerberos: the one-time GSS setup below is not needed. */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
    static int first_time = 1;
    if (first_time) {
        krb5_error_code err;
        err = krb5_gss_use_kdc_context();
        if (err)
            return err;
        first_time = 0;
    }
#endif /**************** END IFDEF'ed OUT *******************************/

    return krb5int_init_context_kdc(ctx);
}
5074960Swillf
/*
 * Function kadm5_init_iprop
 *
 * Purpose: When incremental propagation is enabled in the handle's
 * parameters, mark this process as the iprop master and map the
 * update log.
 *
 * Arguments:
 *
 * handle  The server handle. NOTE(review): it is dereferenced without
 *         CHECK_HANDLE or a NULL test, unlike the other entry points
 *         in this file; callers must pass an initialized handle.
 *
 * Returns 0 when iprop is disabled or the log was mapped, otherwise
 * the ulog_map error.
 */
krb5_error_code
kadm5_init_iprop(void *handle)
{
    kadm5_server_handle_t iprop_h = handle;
    krb5_error_code retval;

    if (!iprop_h->params.iprop_enabled)
        return (0);

    ulog_set_role(iprop_h->context, IPROP_MASTER);
    retval = ulog_map(iprop_h->context, &iprop_h->params, FKCOMMAND);

    return (retval);
}