/*
* Push a password change to Active Directory. Takes the module
* configuration, a Kerberos context, the principal whose password is being
* changed (we will have to change the realm), and the new password and its
* length. Returns a Kerberos error code.
*/
krb5_error_code
sync_ad_chpass(kadm5_hook_modinfo *config, krb5_context ctx,
krb5_principal principal, const char *password)
{
krb5_error_code code;
char *target = NULL;
krb5_ccache ccache;
krb5_principal ad_principal = NULL;
int result_code;
krb5_data result_code_string, result_string;
/* Ensure the configuration is sane. */
CHECK_CONFIG(ad_realm);
/* Get the credentials we'll use to make the change in AD. */
code = get_creds(config, ctx, &ccache);
if (code != 0)
return code;
/* Get the corresponding AD principal. */
code = get_ad_principal(config, ctx, principal, &ad_principal);
if (code != 0)
goto done;
/* This is just for logging purposes. */
code = krb5_unparse_name(ctx, ad_principal, &target);
if (code != 0)
goto done;
/* Do the actual password change and record any error. */
code = krb5_set_password_using_ccache(ctx, ccache, (char *) password,
ad_principal, &result_code,
&result_code_string, &result_string);
if (code != 0)
goto done;
if (result_code != 0) {
code = sync_error_generic(ctx, "password change failed for %s: (%d)"
" %.*s%s%.*s", target, result_code,
(int) result_code_string.length,
(char *) result_code_string.data,
result_string.length ? ": " : "",
(int) result_string.length,
(char *) result_string.data);
goto done;
}
free(result_string.data);
free(result_code_string.data);
sync_syslog_info(config, "krb5-sync: %s password changed", target);
done:
krb5_cc_destroy(ctx, ccache);
if (target != NULL)
krb5_free_unparsed_name(ctx, target);
if (ad_principal != NULL)
krb5_free_principal(ctx, ad_principal);
return code;
}
/*
* Create and attach a rotate surface to obj_surface
*/
VAStatus psb_CreateRotateSurface(
object_context_p obj_context,
object_surface_p obj_surface,
int msvdx_rotate
)
{
int width, height;
psb_surface_p rotate_surface = NULL;
bool rotate_surfaceAlloc = false;
VAStatus vaStatus = VA_STATUS_SUCCESS;
int need_realloc = 0;
unsigned int flags = 0;
psb_surface_share_info_p share_info = obj_surface->share_info;
psb_driver_data_p driver_data = obj_context->driver_data;
int rotate_stride = 0, rotate_tiling = 0;
object_config_p obj_config = CONFIG(obj_context->config_id);
unsigned char * surface_data;
CHECK_CONFIG(obj_config);
rotate_surface = obj_surface->out_loop_surface;
if (msvdx_rotate == 0
#ifdef OVERLAY_ENABLE_MIRROR
/*Bypass 180 degree rotate when overlay enabling mirror*/
|| msvdx_rotate == VA_ROTATION_180
#endif
)
return vaStatus;
if (rotate_surface) {
CHECK_SURFACE_REALLOC(rotate_surface, msvdx_rotate, need_realloc);
if (need_realloc == 0) {
goto exit;
} else { /* free the old rotate surface */
/*FIX ME: it is not safe to do that because surfaces may be in use for rendering.*/
psb_surface_destroy(obj_surface->out_loop_surface);
memset(rotate_surface, 0, sizeof(*rotate_surface));
}
} else {
rotate_surface = (psb_surface_p) calloc(1, sizeof(struct psb_surface_s));
CHECK_ALLOCATION(rotate_surface);
rotate_surfaceAlloc = true;
}
#ifdef PSBVIDEO_MSVDX_DEC_TILING
SET_SURFACE_INFO_tiling(rotate_surface, GET_SURFACE_INFO_tiling(obj_surface->psb_surface));
#endif
#ifdef PSBVIDEO_MRFL_VPP_ROTATE
SET_SURFACE_INFO_rotate(rotate_surface, msvdx_rotate);
#endif
drv_debug_msg(VIDEO_DEBUG_GENERAL, "Try to allocate surface for alternative rotate output\n");
flags = IS_ROTATED;
if (msvdx_rotate == 2 /* VA_ROTATION_180 */) {
width = obj_surface->width;
height = obj_surface->height;
#ifdef PSBVIDEO_MRFL_VPP_ROTATE
if (obj_config->entrypoint == VAEntrypointVideoProc &&
share_info && share_info->out_loop_khandle) {
vaStatus = psb_surface_create_from_kbuf(driver_data, width, height,
obj_surface->psb_surface->size, VA_FOURCC_NV12,
share_info->out_loop_khandle,
obj_surface->psb_surface->stride,
obj_surface->psb_surface->stride,
obj_surface->psb_surface->stride,
0, 0, 0, rotate_surface);
} else
#endif
vaStatus = psb_surface_create(driver_data, width, height, VA_FOURCC_NV12,
flags, rotate_surface);
} else {
width = obj_surface->height_origin;
height = (obj_surface->width + 0x1f) & ~0x1f;
#ifdef PSBVIDEO_MRFL_VPP_ROTATE
if (obj_config->entrypoint == VAEntrypointVideoProc &&
share_info && share_info->out_loop_khandle != 0) {
drv_debug_msg(VIDEO_DEBUG_GENERAL,"Create the surface from kbuf out_loop_khandle=%x!\n", share_info->out_loop_khandle);
rotate_tiling = GET_SURFACE_INFO_tiling(rotate_surface);
rotate_stride = get_surface_stride(width, rotate_tiling);
vaStatus = psb_surface_create_from_kbuf(driver_data, width, height,
(rotate_stride * height * 3) / 2, VA_FOURCC_NV12,
share_info->out_loop_khandle,
rotate_stride, rotate_stride, rotate_stride,
0, rotate_stride * height, rotate_stride * height,
rotate_surface);
} else
#endif
{
drv_debug_msg(VIDEO_DEBUG_GENERAL,"Create rotated buffer. width=%d, height=%d\n", width, height);
if (CONTEXT_SCALING(obj_context)) {
width = obj_context->scaling_buffer_height;
height = (obj_context->scaling_buffer_width+ 0x1f) & ~0x1f;
}
vaStatus = psb_surface_create(driver_data, width, height, VA_FOURCC_NV12,
flags, rotate_surface);
}
}
if (VA_STATUS_SUCCESS != vaStatus) {
free(rotate_surface);
obj_surface->out_loop_surface = NULL;
vaStatus = VA_STATUS_ERROR_ALLOCATION_FAILED;
DEBUG_FAILURE;
return vaStatus;
}
//clear rotation surface
if (CONTEXT_SCALING(obj_context)) {
if (psb_buffer_map(&rotate_surface->buf, &surface_data)) {
drv_debug_msg(VIDEO_DEBUG_ERROR, "Failed to map rotation buffer before clear it");
}
else {
memset(surface_data, 0, rotate_surface->chroma_offset);
memset(surface_data + rotate_surface->chroma_offset, 0x80,
rotate_surface->size - rotate_surface->chroma_offset);
psb_buffer_unmap(&rotate_surface->buf);
}
}
obj_surface->width_r = width;
obj_surface->height_r = height;
#ifdef PSBVIDEO_MSVDX_DEC_TILING
drv_debug_msg(VIDEO_DEBUG_GENERAL, "attempt to update tile context\n");
if (GET_SURFACE_INFO_tiling(rotate_surface) && obj_config->entrypoint != VAEntrypointVideoProc) {
drv_debug_msg(VIDEO_DEBUG_GENERAL, "update tile context\n");
object_context_p obj_context = CONTEXT(obj_surface->context_id);
if (NULL == obj_context) {
vaStatus = VA_STATUS_ERROR_INVALID_CONTEXT;
DEBUG_FAILURE;
if (rotate_surface != NULL && rotate_surfaceAlloc) {
free(rotate_surface);
rotate_surface = NULL;
}
return vaStatus;
}
unsigned long msvdx_tile = psb__tile_stride_log2_256(obj_surface->width_r);
obj_context->msvdx_tile &= 0xf; /* clear rotate tile */
obj_context->msvdx_tile |= (msvdx_tile << 4);
obj_context->ctp_type &= (~PSB_CTX_TILING_MASK); /* clear tile context */
obj_context->ctp_type |= ((obj_context->msvdx_tile & 0xff) << 16);
psb_update_context(driver_data, obj_context->ctp_type);
}
#endif
exit:
obj_surface->out_loop_surface = rotate_surface;
SET_SURFACE_INFO_rotate(rotate_surface, msvdx_rotate);
/* derive the protected flag from the primay surface */
SET_SURFACE_INFO_protect(rotate_surface,
GET_SURFACE_INFO_protect(obj_surface->psb_surface));
/*notify hwc that rotated buffer is ready to use.
* TODO: Do these in psb_SyncSurface()
*/
if (share_info != NULL) {
share_info->width_r = rotate_surface->stride;
share_info->height_r = obj_surface->height_r;
share_info->out_loop_khandle =
(uint32_t)(wsbmKBufHandle(wsbmKBuf(rotate_surface->buf.drm_buf)));
share_info->metadata_rotate = VAROTATION2HAL(driver_data->va_rotate);
share_info->surface_rotate = VAROTATION2HAL(msvdx_rotate);
share_info->out_loop_luma_stride = rotate_surface->stride;
share_info->out_loop_chroma_u_stride = rotate_surface->stride;
share_info->out_loop_chroma_v_stride = rotate_surface->stride;
}
return vaStatus;
}
/*
* Given the plugin options, a Kerberos context, and a pointer to krb5_ccache
* storage, initialize a memory cache using the configured keytab to obtain
* initial credentials. Returns a Kerberos status code.
*/
static krb5_error_code
get_creds(kadm5_hook_modinfo *config, krb5_context ctx, krb5_ccache *cc)
{
krb5_error_code code;
krb5_keytab kt = NULL;
krb5_principal princ = NULL;
krb5_get_init_creds_opt *opts = NULL;
krb5_creds creds;
bool creds_valid = false;
const char *realm UNUSED;
/* Initialize the credential cache pointer to NULL. */
*cc = NULL;
/* Ensure the configuration is sane. */
CHECK_CONFIG(ad_keytab);
CHECK_CONFIG(ad_principal);
/* Resolve the keytab and principal used to get credentials. */
code = krb5_kt_resolve(ctx, config->ad_keytab, &kt);
if (code != 0)
goto fail;
code = krb5_parse_name(ctx, config->ad_principal, &princ);
if (code != 0)
goto fail;
/* Set our credential acquisition options. */
code = krb5_get_init_creds_opt_alloc(ctx, &opts);
if (code != 0)
goto fail;
realm = krb5_principal_get_realm(ctx, princ);
krb5_get_init_creds_opt_set_default_flags(ctx, "krb5-sync", realm, opts);
/* Obtain credentials. */
memset(&creds, 0, sizeof(creds));
code = krb5_get_init_creds_keytab(ctx, &creds, princ, kt, 0, NULL, opts);
if (code != 0)
goto fail;
krb5_get_init_creds_opt_free(ctx, opts);
opts = NULL;
krb5_kt_close(ctx, kt);
kt = NULL;
creds_valid = true;
/* Open and initialize the credential cache. */
code = krb5_cc_resolve(ctx, CACHE_NAME, cc);
if (code != 0)
goto fail;
code = krb5_cc_initialize(ctx, *cc, princ);
if (code == 0)
code = krb5_cc_store_cred(ctx, *cc, &creds);
if (code != 0) {
krb5_cc_close(ctx, *cc);
*cc = NULL;
goto fail;
}
/* Clean up and return success. */
krb5_free_cred_contents(ctx, &creds);
krb5_free_principal(ctx, princ);
return 0;
fail:
if (kt != NULL)
krb5_kt_close(ctx, kt);
if (princ != NULL)
krb5_free_principal(ctx, princ);
if (opts != NULL)
krb5_get_init_creds_opt_free(ctx, opts);
if (creds_valid)
krb5_free_cred_contents(ctx, &creds);
return code;
}
