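/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 *	Openvision retains the copyright to derivative works of
 *	this source code.  Do *NOT* create a derivative of this
 *	source code before consulting with your legal department.
 *	Do *NOT* integrate *ANY* of this source code into another
 *	product before consulting with your legal department.
 *
 *	For further information, read the top-level Openvision
 *	copyright which is contained in the top-level MIT Kerberos
 *	copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
 *
 * $Id: server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $
 * $Source: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v $
 */

#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $";
#endif

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>	/* ENOMEM, EINVAL */
#include <string.h>	/* strdup, strlen, memset */
#include <com_err.h>
#include <kadm5/admin.h>
#include <krb5.h>
#include "server_internal.h"
#include <kdb/kdb_log.h>

/*
 * Function check_handle
 *
 * Purpose: Check a server handle and return a com_err code if it is
 * invalid or 0 if it is valid.
 *
 * Arguments:
 *
 *	handle		The server handle.
 *
 * CHECK_HANDLE leaves the enclosing function on failure, which is why
 * it is wrapped here: callers that still own resources get a return
 * code back and can release them instead of leaking them.
 */

static int check_handle(void *handle)
{
    CHECK_HANDLE(handle);
    return 0;
}

/*
 * Version-only variant of check_handle() for a handle that is still
 * being built.  Wrapping the macro keeps a failed check from returning
 * straight out of kadm5_init() with the handle still allocated.
 *
 * NOTE(review): this assumes GENERIC_CHECK_HANDLE returns from the
 * enclosing function on a mismatch, the way CHECK_HANDLE does in
 * check_handle(); confirm against server_internal.h.
 */
static int check_handle_versions(kadm5_server_handle_t handle)
{
    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
			 KADM5_NEW_SERVER_API_VERSION);
    return 0;
}

/*
 * Release the handle's private copy of the database arguments.
 * Safe to call when handle->db_args is already NULL.
 */
static void free_db_args(kadm5_server_handle_t handle)
{
    int count;

    if (handle->db_args == NULL)
	return;

    /* The array is NULL-terminated (see dup_db_args). */
    for (count = 0; handle->db_args[count]; count++)
	free(handle->db_args[count]);

    free(handle->db_args);
    handle->db_args = NULL;
}

/*
 * Store a deep copy of the NULL-terminated db_args vector in
 * handle->db_args, so the handle does not depend on the lifetime of
 * the caller's strings.
 *
 * Returns 0 on success, including the case where db_args is NULL or
 * empty (handle->db_args is then set to NULL).  Returns ENOMEM if an
 * allocation fails; the partial copy is released and handle->db_args
 * is left NULL.
 */
static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
{
    int count = 0;

    for (count = 0; db_args && db_args[count]; count++)
	;
    if (count == 0) {
	handle->db_args = NULL;
	return 0;
    }

    /*
     * calloc() zero-fills the array, so a copy that stops part-way is
     * still NULL-terminated and free_db_args() can walk it safely.
     */
    handle->db_args = calloc(count + 1, sizeof (char *));
    if (handle->db_args == NULL)
	return ENOMEM;

    for (count = 0; db_args[count]; count++) {
	handle->db_args[count] = strdup(db_args[count]);
	if (handle->db_args[count] == NULL) {
	    free_db_args(handle);
	    return ENOMEM;
	}
    }

    return 0;
}

/*
 * Initialize a server handle for a caller that supplies a password.
 * Thin wrapper: every argument is forwarded unchanged to kadm5_init().
 */
kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
				     char *service_name,
				     kadm5_config_params *params,
				     krb5_ui_4 struct_version,
				     krb5_ui_4 api_version,
				     char **db_args,
				     void **server_handle)
{
    return kadm5_init(client_name, pass, service_name, params,
		      struct_version, api_version, db_args,
		      server_handle);
}

/*
 * Initialize a server handle for a caller that holds a credential
 * cache.  The ccache argument is not used by the code in this file.
 */
kadm5_ret_t kadm5_init_with_creds(char *client_name,
				  krb5_ccache ccache,
				  char *service_name,
				  kadm5_config_params *params,
				  krb5_ui_4 struct_version,
				  krb5_ui_4 api_version,
				  char **db_args,
				  void **server_handle)
{
    /*
     * A program calling init_with_creds *never* expects to prompt the
     * user.  Therefore, always pass a dummy password in case this is
     * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
     * MKEY_FROM_KBD is non-zero, return an error.
     *
     * NOTE(review): the call below passes NULL, not a dummy password.
     * For KADM5_API_VERSION_1 kadm5_init() treats a NULL or empty
     * password as "read the master key from the keyboard", so the
     * code and the comment above disagree; confirm which is intended.
     */
    if (api_version == KADM5_API_VERSION_2 && params &&
	(params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
	params->mkey_from_kbd)
	return KADM5_BAD_SERVER_PARAMS;
    return kadm5_init(client_name, NULL, service_name, params,
		      struct_version, api_version, db_args,
		      server_handle);
}


/*
 * Initialize a server handle for a caller that names a keytab.
 * The keytab argument is not used by the code in this file.
 */
kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
				 char *service_name,
				 kadm5_config_params *params,
				 krb5_ui_4 struct_version,
				 krb5_ui_4 api_version,
				 char **db_args,
				 void **server_handle)
{
    /*
     * A program calling init_with_skey *never* expects to prompt the
     * user.  Therefore, always pass a dummy password in case this is
     * KADM5_API_VERSION_1.  If this is KADM5_API_VERSION_2 and
     * MKEY_FROM_KBD is non-zero, return an error.
     *
     * NOTE(review): as in kadm5_init_with_creds(), NULL is passed
     * rather than a dummy password; for KADM5_API_VERSION_1 that
     * selects the keyboard in kadm5_init().  Confirm the intent.
     */
    if (api_version == KADM5_API_VERSION_2 && params &&
	(params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
	params->mkey_from_kbd)
	return KADM5_BAD_SERVER_PARAMS;
    return kadm5_init(client_name, NULL, service_name, params,
		      struct_version, api_version, db_args,
		      server_handle);
}

/*
 * Build a fully initialized server handle: Kerberos context, merged
 * configuration, open database, parsed caller principal, master key,
 * history key and password dictionary.
 *
 * Arguments:
 *
 *	client_name	Principal name of the caller; must not be NULL.
 *	pass		For KADM5_API_VERSION_1 only: NULL or "" means
 *			the master key is read from the keyboard.
 *	service_name	Not used by this function.
 *	params_in	Configuration overrides.  For
 *			KADM5_API_VERSION_1 this is really a realm
 *			string (possibly NULL).
 *	struct_version,
 *	api_version	Versions requested by the caller.
 *	db_args		NULL-terminated database arguments, or NULL.  A
 *			private copy is kept in the handle.
 *	server_handle	Receives the new handle on success; it is not
 *			written on failure.
 *
 * Returns KADM5_OK on success.  On any failure everything acquired so
 * far is released through the fail_* labels at the end, in reverse
 * order of acquisition, and the error code is returned.
 */
kadm5_ret_t kadm5_init(char *client_name, char *pass,
		       char *service_name,
		       kadm5_config_params *params_in,
		       krb5_ui_4 struct_version,
		       krb5_ui_4 api_version,
		       char **db_args,
		       void **server_handle)
{
    int ret;
    int from_kbd;
    kadm5_server_handle_t handle;
    kadm5_config_params params_local; /* for v1 compat */

    if (! server_handle)
	return EINVAL;

    if (! client_name)
	return EINVAL;

    /* Zero-filled so that unset pointers are NULL on every error path. */
    handle = calloc(1, sizeof (*handle));
    if (handle == NULL)
	return ENOMEM;

    ret = dup_db_args(handle, db_args);
    if (ret)
	goto fail_handle;

    ret = (int) krb5int_init_context_kdc(&(handle->context));
    if (ret)
	goto fail_db_args;

    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
    handle->struct_version = struct_version;
    handle->api_version = api_version;

    /*
     * Verify the version numbers before proceeding; we can't use
     * CHECK_HANDLE because not all fields are set yet.  The check goes
     * through a helper so that a rejected version releases the handle,
     * its context and its db_args instead of leaking them.
     */
    ret = check_handle_versions(handle);
    if (ret)
	goto fail_context;

    /*
     * Acquire relevant profile entries.  In version 2, merge values
     * in params_in with values from profile, based on
     * params_in->mask.
     *
     * In version 1, we've given a realm (which may be NULL) instead
     * of params_in.  So use that realm, make params_in contain an
     * empty mask, and behave like version 2.
     */
    memset((char *) &params_local, 0, sizeof (params_local));
    if (api_version == KADM5_API_VERSION_1) {
	params_local.realm = (char *) params_in;
	if (params_in)
	    params_local.mask = KADM5_CONFIG_REALM;
	params_in = &params_local;
    }

#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
	 expect to see admin_server being set sometimes.  */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
    if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
	krb5_free_context(handle->context);
	free_db_args(handle);
	free(handle);
	return KADM5_BAD_SERVER_PARAMS;
    }
#endif

    ret = kadm5_get_config_params(handle->context, (char *) NULL,
				  (char *) NULL, params_in,
				  &handle->params);
    if (ret)
	goto fail_context;

#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
			 KADM5_CONFIG_ADBNAME | \
			 KADM5_CONFIG_ADB_LOCKFILE | \
			 KADM5_CONFIG_ENCTYPE | \
			 KADM5_CONFIG_FLAGS | \
			 KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
			 KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)

    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
	ret = KADM5_MISSING_CONF_PARAMS;
	goto fail_params;
    }

    ret = krb5_set_default_realm(handle->context, handle->params.realm);
    if (ret)
	goto fail_params;

    ret = krb5_db_open(handle->context, db_args,
		       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
    if (ret)
	goto fail_params;

    ret = krb5_parse_name(handle->context, client_name,
			  &handle->current_caller);
    if (ret)
	goto fail_db;

    if (! (handle->lhandle = malloc(sizeof (*handle)))) {
	ret = ENOMEM;
	goto fail_caller;
    }
    /* lhandle is a copy of the handle pinned to the current versions. */
    *handle->lhandle = *handle;
    handle->lhandle->api_version = KADM5_API_VERSION_2;
    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
    handle->lhandle->lhandle = handle->lhandle;

    /* can't check the handle until current_caller is set */
    ret = check_handle((void *) handle);
    if (ret)
	goto fail_lhandle;

    /*
     * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
     * or an empty string, reads the master password from [the stash
     * file].  Otherwise, the non-NULL password is ignored and the
     * user is prompted for it via the tty."  However, the code was
     * implemented the other way: when a non-NULL password was
     * provided, the stash file was used.  This is somewhat more
     * sensible, as then a local or remote client that provides a
     * password does not prompt the user.  This code maintains the
     * previous actual behavior, and not the old spec behavior,
     * because that is how the unit tests are written.
     *
     * In KADM5_API_VERSION_2, this decision is controlled by
     * params.
     *
     * kdb_init_master's third argument is "from_keyboard".
     */
    /*
     * Solaris Kerberos: Setting to an unknown enc type will make the function
     * read the encryption type in the stash file instead of assuming that it
     * is the default type.
     */
    if (handle->params.enctype == DEFAULT_KDC_ENCTYPE)
	handle->params.enctype = ENCTYPE_UNKNOWN;

    if (handle->api_version == KADM5_API_VERSION_1)
	from_kbd = ((pass == NULL) || !(strlen(pass)));
    else
	from_kbd = ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
		    && handle->params.mkey_from_kbd);

    ret = kdb_init_master(handle, handle->params.realm, from_kbd);
    if (ret)
	goto fail_lhandle;

    /*
     * Solaris Kerberos: We used the enc type that was discovered in the stash
     * file to associate with the other magic principals in the database.
     */
    handle->params.enctype = handle->master_keyblock.enctype;

    /*
     * NOTE(review): from here on handle->master_keyblock presumably
     * holds master key material.  Nothing visible in this file clears
     * it before free(handle), here or in kadm5_destroy(); confirm
     * where it is released and whether it is zeroized first.
     */
    ret = kdb_init_hist(handle, handle->params.realm);
    if (ret)
	goto fail_lhandle;

    ret = init_dict(&handle->params);
    if (ret)
	goto fail_lhandle;

    *server_handle = (void *) handle;

    return KADM5_OK;

    /*
     * Staged cleanup.  Each label releases one resource and falls
     * through to the ones acquired before it, so no error path can
     * skip the caller principal, lhandle or the config parameters.
     */
fail_lhandle:
    free(handle->lhandle);
fail_caller:
    krb5_free_principal(handle->context, handle->current_caller);
fail_db:
    krb5_db_fini(handle->context);
fail_params:
    kadm5_free_config_params(handle->context, &handle->params);
fail_context:
    krb5_free_context(handle->context);
fail_db_args:
    free_db_args(handle);
fail_handle:
    free(handle);
    return ret;
}

/*
 * Tear down a handle created by kadm5_init() and free it.
 *
 * The handle is validated first; an invalid handle makes CHECK_HANDLE
 * return an error and nothing is freed.  After a successful call the
 * pointer is dangling and must not be used again.
 */
kadm5_ret_t kadm5_destroy(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    destroy_dict();

    adb_policy_close(handle);
    krb5_db_fini(handle->context);
    krb5_free_principal(handle->context, handle->current_caller);
    kadm5_free_config_params(handle->context, &handle->params);
    krb5_free_context(handle->context);
    /*
     * Presumably cleared so that a stale pointer fails the magic
     * number test in CHECK_HANDLE; confirm against server_internal.h.
     */
    handle->magic_number = 0;
    free(handle->lhandle);
    free_db_args(handle);
    free(handle);

    return KADM5_OK;
}
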
/*
 * Take an exclusive lock on the database behind the handle.
 * Returns KADM5_OK, or the error reported by krb5_db_lock().
 */
kadm5_ret_t kadm5_lock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
    return ret ? ret : KADM5_OK;
}

/*
 * Release the database lock taken by kadm5_lock().
 * Returns KADM5_OK, or the error reported by krb5_db_unlock().
 */
kadm5_ret_t kadm5_unlock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_unlock(handle->context);
    return ret ? ret : KADM5_OK;
}

/*
 * Close and reopen the database and the policy database, using the
 * db_args copy stored in the handle.
 *
 * The four steps run in order and stop at the first failure.  On
 * failure the handle is passed to kadm5_destroy(), so the caller's
 * pointer may no longer be valid: callers must drop the handle after
 * any non-KADM5_OK return rather than reuse or destroy it again.
 */
kadm5_ret_t kadm5_flush(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    ret = krb5_db_fini(handle->context);
    if (!ret)
	ret = krb5_db_open(handle->context, handle->db_args,
			   KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
    if (!ret)
	ret = adb_policy_close(handle);
    if (!ret)
	ret = adb_policy_init(handle);

    if (ret) {
	(void) kadm5_destroy(server_handle);
	return ret;
    }
    return KADM5_OK;
}

/*
 * Externally visible handle check: returns 0 for a handle that passes
 * CHECK_HANDLE, otherwise whatever error the macro returns.
 */
int _kadm5_check_handle(void *handle)
{
    CHECK_HANDLE(handle);
    return 0;
}

#include "gssapiP_krb5.h"
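/*
 * Create a Kerberos context for server use by delegating to
 * krb5int_init_context_kdc().  The one-time GSS setup below is
 * compiled out in this tree.
 */
krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
{
    /* Solaris Kerberos: not needed */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
    static int first_time = 1;
    if (first_time) {
	krb5_error_code err;
	err = krb5_gss_use_kdc_context();
	if (err)
	    return err;
	first_time = 0;
    }
#endif /**************** END IFDEF'ed OUT *******************************/
    return krb5int_init_context_kdc(ctx);
}

/*
 * Set up incremental propagation for a server handle.
 *
 * When params.iprop_enabled is set, the update log role is set to
 * IPROP_MASTER and the log is mapped with ulog_map().  Returns 0 on
 * success or when iprop is disabled, the handle-check error for an
 * invalid handle, or the error from ulog_map().
 */
krb5_error_code
kadm5_init_iprop(void *handle)
{
    kadm5_server_handle_t iprop_h;
    krb5_error_code retval;

    /*
     * Validate the opaque pointer before dereferencing it, as the
     * other handle-taking entry points in this file do; a NULL or
     * stale handle is rejected instead of being read through.
     */
    retval = _kadm5_check_handle(handle);
    if (retval != 0)
	return (retval);

    iprop_h = handle;
    if (iprop_h->params.iprop_enabled) {
	ulog_set_role(iprop_h->context, IPROP_MASTER);
	retval = ulog_map(iprop_h->context, &iprop_h->params, FKCOMMAND);
	if (retval != 0)
	    return (retval);
    }
    return (0);
}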