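/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code. Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
 *
 * $Id: server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $
 * $Source: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v $
 */

#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_init.c,v 1.8 2002/10/15 15:40:49 epeisach Exp $";
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>     /* memset, strdup, strlen */
#include <errno.h>      /* EINVAL, ENOMEM */
#include <com_err.h>
#include <kadm5/admin.h>
#include <krb5.h>
#include "server_internal.h"
#include <kdb/kdb_log.h>

/*
 * Function check_handle
 *
 * Purpose: Check a server handle and return a com_err code if it is
 * invalid or 0 if it is valid.
 *
 * Arguments:
 *
 *      handle          The server handle.
 *
 * CHECK_HANDLE is a macro that returns from the enclosing function when
 * the handle is rejected, so it is wrapped here to let a caller inspect
 * the result and run its own cleanup before returning.
 */

static int check_handle(void *handle)
{
    CHECK_HANDLE(handle);
    return 0;
}

/*
 * Function check_handle_versions
 *
 * Purpose: Verify only the struct/API version fields of a partially
 * initialised handle and return a com_err code if they are rejected or
 * 0 if they are accepted.
 *
 * GENERIC_CHECK_HANDLE is defined outside this file; it is assumed to
 * return from the enclosing function on failure in the same way as
 * CHECK_HANDLE does in check_handle() (NOTE(review): confirm against
 * the macro definition).  Wrapping it keeps that early return from
 * skipping the cleanup in kadm5_init2().
 */
static int check_handle_versions(void *handle)
{
    GENERIC_CHECK_HANDLE(handle, KADM5_OLD_SERVER_API_VERSION,
                         KADM5_NEW_SERVER_API_VERSION);
    return 0;
}

/*
 * Release the private copy of the database arguments held by the handle
 * and reset the pointer so a second call is a no-op.  The array is
 * NULL-terminated (see dup_db_args).
 */
static void free_db_args(kadm5_server_handle_t handle)
{
    int count;

    if (handle->db_args == NULL)
        return;

    for (count = 0; handle->db_args[count] != NULL; count++)
        free(handle->db_args[count]);

    free(handle->db_args);
    handle->db_args = NULL;
}

/*
 * Store a deep copy of the NULL-terminated string vector db_args in
 * handle->db_args.  A NULL or empty vector leaves handle->db_args NULL.
 *
 * Returns 0 on success or ENOMEM; on failure nothing is left allocated
 * and handle->db_args is NULL.
 */
static int dup_db_args(kadm5_server_handle_t handle, char **db_args)
{
    int count = 0;
    int i;

    handle->db_args = NULL;

    while (db_args != NULL && db_args[count] != NULL)
        count++;
    if (count == 0)
        return 0;

    /* calloc zero-fills, so the vector is NULL-terminated at every step. */
    handle->db_args = calloc((size_t)count + 1, sizeof (char *));
    if (handle->db_args == NULL)
        return ENOMEM;

    for (i = 0; i < count; i++) {
        handle->db_args[i] = strdup(db_args[i]);
        if (handle->db_args[i] == NULL) {
            free_db_args(handle);
            return ENOMEM;
        }
    }

    return 0;
}

/*
 * Initialise a server handle on behalf of a caller that supplies a
 * password.  Thin wrapper: every argument is forwarded to kadm5_init().
 */
kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass,
                                     char *service_name,
                                     kadm5_config_params *params,
                                     krb5_ui_4 struct_version,
                                     krb5_ui_4 api_version,
                                     char **db_args,
                                     void **server_handle)
{
    return kadm5_init(client_name, pass, service_name, params,
                      struct_version, api_version, db_args,
                      server_handle);
}

/*
 * Initialise a server handle on behalf of a caller that holds a
 * credential cache.  The ccache argument is not used here; the call is
 * forwarded to kadm5_init() with a NULL password.
 */
kadm5_ret_t kadm5_init_with_creds(char *client_name,
                                  krb5_ccache ccache,
                                  char *service_name,
                                  kadm5_config_params *params,
                                  krb5_ui_4 struct_version,
                                  krb5_ui_4 api_version,
                                  char **db_args,
                                  void **server_handle)
{
    /*
     * A program calling init_with_creds *never* expects to prompt the
     * user. Therefore, always pass a dummy password in case this is
     * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
     * MKEY_FROM_KBD is non-zero, return an error.
     *
     * NOTE(review): the password actually passed below is NULL, not a
     * dummy string, and kadm5_init2() treats a NULL or empty password
     * under KADM5_API_VERSION_1 as "read the master key from the
     * keyboard".  Confirm whether a non-empty placeholder was intended.
     */
    if (api_version == KADM5_API_VERSION_2 && params &&
        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
        params->mkey_from_kbd)
        return KADM5_BAD_SERVER_PARAMS;
    return kadm5_init(client_name, NULL, service_name, params,
                      struct_version, api_version, db_args,
                      server_handle);
}


/*
 * Initialise a server handle on behalf of a caller that holds a keytab.
 * The keytab argument is not used here; the call is forwarded to
 * kadm5_init() with a NULL password.
 */
kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab,
                                 char *service_name,
                                 kadm5_config_params *params,
                                 krb5_ui_4 struct_version,
                                 krb5_ui_4 api_version,
                                 char **db_args,
                                 void **server_handle)
{
    /*
     * A program calling init_with_skey *never* expects to prompt the
     * user. Therefore, always pass a dummy password in case this is
     * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
     * MKEY_FROM_KBD is non-zero, return an error.
     *
     * NOTE(review): the password actually passed below is NULL, not a
     * dummy string, and kadm5_init2() treats a NULL or empty password
     * under KADM5_API_VERSION_1 as "read the master key from the
     * keyboard".  Confirm whether a non-empty placeholder was intended.
     */
    if (api_version == KADM5_API_VERSION_2 && params &&
        (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
        params->mkey_from_kbd)
        return KADM5_BAD_SERVER_PARAMS;
    return kadm5_init(client_name, NULL, service_name, params,
                      struct_version, api_version, db_args,
                      server_handle);
}

/*
 * Solaris Kerberos:
 * A private extended version of kadm5_init which potentially
 * returns more information in case of an error.
 *
 * Arguments:
 *
 *      client_name     Principal name of the caller; must not be NULL.
 *      pass            Under KADM5_API_VERSION_1 only its presence is
 *                      examined (NULL/empty selects keyboard entry of
 *                      the master key); its contents are not used here.
 *      service_name    Not used by this function.
 *      params_in       Configuration overrides (version 2), or the realm
 *                      name cast to this type (version 1).
 *      db_args         NULL-terminated database arguments; a private
 *                      copy is kept in the handle for kadm5_flush().
 *      server_handle   Receives the new handle on success only.
 *      emsg            If non-NULL, set to NULL on entry and, when
 *                      krb5_db_open() fails, to a strdup'ed error string
 *                      that the caller must free() (it may still be NULL
 *                      if that allocation fails).
 *
 * Returns KADM5_OK on success.  On every failure path all resources
 * acquired so far are released through the cleanup labels at the end of
 * the function and *server_handle is left untouched.
 */
kadm5_ret_t kadm5_init2(char *client_name, char *pass,
                        char *service_name,
                        kadm5_config_params *params_in,
                        krb5_ui_4 struct_version,
                        krb5_ui_4 api_version,
                        char **db_args,
                        void **server_handle,
                        char **emsg)
{
    int ret;
    kadm5_server_handle_t handle;
    kadm5_config_params params_local; /* for v1 compat */

    if (emsg)
        *emsg = NULL;

    if (! server_handle)
        return EINVAL;

    if (! client_name)
        return EINVAL;

    handle = malloc(sizeof (*handle));
    if (handle == NULL)
        return ENOMEM;
    memset(handle, 0, sizeof(*handle));

    ret = dup_db_args(handle, db_args);
    if (ret)
        goto fail_handle;

    ret = (int) krb5int_init_context_kdc(&(handle->context));
    if (ret)
        goto fail_db_args;

    handle->magic_number = KADM5_SERVER_HANDLE_MAGIC;
    handle->struct_version = struct_version;
    handle->api_version = api_version;

    /*
     * Verify the version numbers before proceeding; we can't use
     * CHECK_HANDLE because not all fields are set yet.
     *
     * The check goes through check_handle_versions() rather than using
     * GENERIC_CHECK_HANDLE inline, so that a rejected version releases
     * the context, the db_args copy and the handle instead of returning
     * past them.
     */
    ret = check_handle_versions((void *) handle);
    if (ret)
        goto fail_context;

    /*
     * Acquire relevant profile entries. In version 2, merge values
     * in params_in with values from profile, based on
     * params_in->mask.
     *
     * In version 1, we've given a realm (which may be NULL) instead
     * of params_in. So use that realm, make params_in contain an
     * empty mask, and behave like version 2.
     */
    memset((char *) &params_local, 0, sizeof(params_local));
    if (api_version == KADM5_API_VERSION_1) {
        params_local.realm = (char *) params_in;
        if (params_in)
            params_local.mask = KADM5_CONFIG_REALM;
        params_in = &params_local;
    }

#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
         expect to see admin_server being set sometimes. */
#define ILLEGAL_PARAMS (KADM5_CONFIG_ADMIN_SERVER)
    if (params_in && (params_in->mask & ILLEGAL_PARAMS)) {
        krb5_free_context(handle->context);
        free_db_args(handle);
        free(handle);
        return KADM5_BAD_SERVER_PARAMS;
    }
#endif

    ret = kadm5_get_config_params(handle->context, (char *) NULL,
                                  (char *) NULL, params_in,
                                  &handle->params);
    if (ret)
        goto fail_context;

#define REQUIRED_PARAMS (KADM5_CONFIG_REALM | KADM5_CONFIG_DBNAME | \
                         KADM5_CONFIG_ADBNAME | \
                         KADM5_CONFIG_ADB_LOCKFILE | \
                         KADM5_CONFIG_ENCTYPE | \
                         KADM5_CONFIG_FLAGS | \
                         KADM5_CONFIG_MAX_LIFE | KADM5_CONFIG_MAX_RLIFE | \
                         KADM5_CONFIG_EXPIRATION | KADM5_CONFIG_ENCTYPES)

    if ((handle->params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
        ret = KADM5_MISSING_CONF_PARAMS;
        goto fail_params;
    }

    ret = krb5_set_default_realm(handle->context, handle->params.realm);
    if (ret)
        goto fail_params;

    ret = krb5_db_open(handle->context, db_args,
                       KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
    if (ret) {
        if (emsg) {
            const char *m = krb5_get_error_message(handle->context, ret);

            /* Guard the copy: strdup(NULL) is undefined. */
            if (m != NULL) {
                *emsg = strdup(m);
                krb5_free_error_message(handle->context, m);
            }
        }
        goto fail_params;
    }

    if ((ret = krb5_parse_name(handle->context, client_name,
                               &handle->current_caller)))
        goto fail_db;

    if (! (handle->lhandle = malloc(sizeof(*handle)))) {
        ret = ENOMEM;
        goto fail_caller;
    }
    /*
     * lhandle is a shallow copy taken at this point: it shares context,
     * current_caller and db_args with the main handle and points at
     * itself, so only the struct itself is ever freed.
     */
    *handle->lhandle = *handle;
    handle->lhandle->api_version = KADM5_API_VERSION_2;
    handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
    handle->lhandle->lhandle = handle->lhandle;

    /* can't check the handle until current_caller is set */
    ret = check_handle((void *) handle);
    if (ret)
        goto fail_lhandle;

    /*
     * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
     * or an empty string, reads the master password from [the stash
     * file]. Otherwise, the non-NULL password is ignored and the
     * user is prompted for it via the tty." However, the code was
     * implemented the other way: when a non-NULL password was
     * provided, the stash file was used. This is somewhat more
     * sensible, as then a local or remote client that provides a
     * password does not prompt the user. This code maintains the
     * previous actual behavior, and not the old spec behavior,
     * because that is how the unit tests are written.
     *
     * In KADM5_API_VERSION_2, this decision is controlled by
     * params.
     *
     * kdb_init_master's third argument is "from_keyboard".
     */
    /*
     * Solaris Kerberos: Setting to an unknown enc type will make the function
     * read the encryption type in the stash file instead of assuming that it
     * is the default type.
     */
    if (handle->params.enctype == DEFAULT_KDC_ENCTYPE)
        handle->params.enctype = ENCTYPE_UNKNOWN;
    ret = kdb_init_master(handle, handle->params.realm,
                          (handle->api_version == KADM5_API_VERSION_1 ?
                           ((pass == NULL) || !(strlen(pass))) :
                           ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
                            && handle->params.mkey_from_kbd)
                          ));
    if (ret)
        goto fail_lhandle;
    /*
     * Solaris Kerberos: We used the enc type that was discovered in the stash
     * file to associate with the other magic principals in the database.
     */
    handle->params.enctype = handle->master_keyblock.enctype;

    ret = kdb_init_hist(handle, handle->params.realm);
    if (ret)
        goto fail_lhandle;

    ret = init_dict(&handle->params);
    if (ret)
        goto fail_lhandle;

    *server_handle = (void *) handle;

    return KADM5_OK;

    /*
     * Cleanup ladder, in reverse order of acquisition.  Each label
     * releases one resource and falls through to the ones acquired
     * before it.
     *
     * NOTE(review): state that kdb_init_master()/kdb_init_hist() may have
     * stored in the handle (for example handle->master_keyblock) is not
     * released here; confirm where that key material is freed.
     */
fail_lhandle:
    free(handle->lhandle);
fail_caller:
    krb5_free_principal(handle->context, handle->current_caller);
fail_db:
    krb5_db_fini(handle->context);
fail_params:
    kadm5_free_config_params(handle->context, &handle->params);
fail_context:
    krb5_free_context(handle->context);
fail_db_args:
    free_db_args(handle);
fail_handle:
    free(handle);
    return ret;
}

/*
 * Public initialisation entry point: kadm5_init2() without the extended
 * error-message output.
 */
kadm5_ret_t kadm5_init(char *client_name, char *pass,
                       char *service_name,
                       kadm5_config_params *params_in,
                       krb5_ui_4 struct_version,
                       krb5_ui_4 api_version,
                       char **db_args,
                       void **server_handle) {
    return (kadm5_init2(client_name, pass, service_name, params_in,
                        struct_version, api_version, db_args, server_handle,
                        NULL));
}

/*
 * Tear down a handle created by kadm5_init*(): closes the policy and
 * principal databases, frees the caller principal, configuration,
 * context, local handle copy and db_args, then frees the handle itself.
 * The magic number is cleared before the free so that a stale pointer
 * to the same memory is less likely to be accepted as a live handle.
 *
 * The handle must not be used after this call returns KADM5_OK.
 *
 * NOTE(review): handle->master_keyblock is not released or cleared here;
 * confirm where the master key material is freed.
 */
kadm5_ret_t kadm5_destroy(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;

    CHECK_HANDLE(server_handle);

    destroy_dict();

    adb_policy_close(handle);
    krb5_db_fini(handle->context);
    krb5_free_principal(handle->context, handle->current_caller);
    kadm5_free_config_params(handle->context, &handle->params);
    krb5_free_context(handle->context);
    handle->magic_number = 0;
    free(handle->lhandle);
    free_db_args(handle);
    free(handle);

    return KADM5_OK;
}

/*
 * Take an exclusive lock on the database behind the handle.
 * Returns KADM5_OK or the error from krb5_db_lock().
 */
kadm5_ret_t kadm5_lock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);
    ret = krb5_db_lock(handle->context, KRB5_DB_LOCKMODE_EXCLUSIVE);
    if (ret)
        return ret;

    return KADM5_OK;
}

/*
 * Release the database lock taken by kadm5_lock().
 * Returns KADM5_OK or the error from krb5_db_unlock().
 */
kadm5_ret_t kadm5_unlock(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);
    ret = krb5_db_unlock(handle->context);
    if (ret)
        return ret;

    return KADM5_OK;
}

/*
 * Close and reopen the principal and policy databases, reusing the
 * db_args copy stored in the handle at initialisation.
 *
 * If any step fails, the handle is destroyed with kadm5_destroy() before
 * the error is returned: after a non-zero return the caller's
 * server_handle points at freed memory and must not be used or destroyed
 * again.
 *
 * NOTE(review): on that failure path kadm5_destroy() calls
 * adb_policy_close() and krb5_db_fini() on a database that may already
 * be closed; confirm both tolerate that.
 */
kadm5_ret_t kadm5_flush(void *server_handle)
{
    kadm5_server_handle_t handle = server_handle;
    kadm5_ret_t ret;

    CHECK_HANDLE(server_handle);

    if ((ret = krb5_db_fini(handle->context)) ||
        (ret = krb5_db_open(handle->context, handle->db_args,
                            KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)) ||
        (ret = adb_policy_close(handle)) ||
        (ret = adb_policy_init(handle))) {
        (void) kadm5_destroy(server_handle);
        return ret;
    }
    return KADM5_OK;
}

/*
 * Exported form of check_handle(): returns 0 for a valid handle, or the
 * error code CHECK_HANDLE produces for an invalid one.
 */
int _kadm5_check_handle(void *handle)
{
    CHECK_HANDLE(handle);
    return 0;
}

#include "gssapiP_krb5.h"
/*
 * Create a krb5 context for KDC-side use; forwards to
 * krb5int_init_context_kdc().
 */
krb5_error_code kadm5_init_krb5_context (krb5_context *ctx)
{
    /* Solaris Kerberos: not needed */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
    static int first_time = 1;
    if (first_time) {
        krb5_error_code err;
        err = krb5_gss_use_kdc_context();
        if (err)
            return err;
        first_time = 0;
    }
#endif /**************** END IFDEF'ed OUT *******************************/
    return krb5int_init_context_kdc(ctx);
}

/*
 * When incremental propagation is enabled in the handle's parameters,
 * mark this process as the iprop master and map the update log.
 *
 * Returns 0 on success or when iprop is disabled, EINVAL for a NULL
 * handle, otherwise the error from ulog_map().  Only NULL is rejected
 * here; the handle is not otherwise validated, so callers must pass a
 * handle obtained from kadm5_init*().
 */
krb5_error_code
kadm5_init_iprop(void *handle)
{
    kadm5_server_handle_t iprop_h;
    krb5_error_code retval;

    iprop_h = handle;
    if (iprop_h == NULL)
        return (EINVAL);

    if (iprop_h->params.iprop_enabled) {
        ulog_set_role(iprop_h->context, IPROP_MASTER);
        if ((retval = ulog_map(iprop_h->context, &iprop_h->params,
                               FKCOMMAND)) != 0)
            return (retval);
    }
    return (0);
}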