static int
iterate (krb5_context context,
const char *database_name,
HDB *db,
int type,
struct prop_data *pd)
{
int ret;
switch(type) {
case HPROP_MIT_DUMP:
ret = hdb_mit_dump(context, database_name, v5_prop, pd);
if (ret)
krb5_warn(context, ret, "mit_prop_dump");
break;
case HPROP_HEIMDAL:
ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
if(ret)
krb5_warn(context, ret, "hdb_foreach");
break;
default:
krb5_errx(context, 1, "unknown prop type: %d", type);
}
return ret;
}
kadm5_ret_t
kadm5_s_get_principals(void *server_handle,
const char *expression,
char ***princs,
int *count)
{
struct foreach_data d;
kadm5_server_context *context = server_handle;
kadm5_ret_t ret;
ret = context->db->hdb_open(context->context, context->db, O_RDWR, 0);
if(ret) {
krb5_warn(context->context, ret, "opening database");
return ret;
}
d.exp = expression;
{
krb5_realm r;
krb5_get_default_realm(context->context, &r);
asprintf(&d.exp2, "%s@%s", expression, r);
free(r);
}
d.princs = NULL;
d.count = 0;
ret = hdb_foreach(context->context, context->db, HDB_F_ADMIN_DATA, foreach, &d);
context->db->hdb_close(context->context, context->db);
if(ret == 0)
ret = add_princ(&d, NULL);
if(ret == 0){
*princs = d.princs;
*count = d.count - 1;
}else
kadm5_free_name_list(context, d.princs, &d.count);
free(d.exp2);
return _kadm5_error_code(ret);
}
int
dump(struct dump_options *opt, int argc, char **argv)
{
krb5_error_code ret;
FILE *f;
struct hdb_print_entry_arg parg;
HDB *db = NULL;
if (!local_flag) {
krb5_warnx(context, "dump is only available in local (-l) mode");
return 0;
}
db = _kadm5_s_get_db(kadm_handle);
if (argc == 0)
f = stdout;
else
f = fopen(argv[0], "w");
if (f == NULL) {
krb5_warn(context, errno, "open: %s", argv[0]);
goto out;
}
ret = db->hdb_open(context, db, O_RDONLY, 0600);
if (ret) {
krb5_warn(context, ret, "hdb_open");
goto out;
}
if (!opt->format_string || strcmp(opt->format_string, "Heimdal") == 0) {
parg.fmt = HDB_DUMP_HEIMDAL;
} else if (opt->format_string && strcmp(opt->format_string, "MIT") == 0) {
parg.fmt = HDB_DUMP_MIT;
fprintf(f, "kdb5_util load_dump version 5\n"); /* 5||6, either way */
} else {
krb5_errx(context, 1, "Supported dump formats: Heimdal and MIT");
}
parg.out = f;
hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0,
hdb_print_entry, &parg);
db->hdb_close(context, db);
out:
if(f && f != stdout)
fclose(f);
return 0;
}
static void
iterate (krb5_context context,
const char *database,
HDB *db,
int type,
struct prop_data *pd)
{
int ret;
switch(type) {
case HPROP_KRB4_DUMP:
ret = v4_prop_dump(pd, database);
break;
#ifdef KRB4
case HPROP_KRB4_DB:
ret = kerb_db_iterate ((k_iter_proc_t)kdb_prop, pd);
if(ret)
krb5_errx(context, 1, "kerb_db_iterate: %s",
krb_get_err_text(ret));
break;
#endif /* KRB4 */
case HPROP_KASERVER:
ret = ka_dump(pd, database);
if(ret)
krb5_err(context, 1, ret, "ka_dump");
break;
case HPROP_MIT_DUMP:
ret = mit_prop_dump(pd, database);
if (ret)
krb5_errx(context, 1, "mit_prop_dump: %s",
krb5_get_err_text(context, ret));
break;
case HPROP_HEIMDAL:
ret = hdb_foreach(context, db, HDB_F_DECRYPT, v5_prop, pd);
if(ret)
krb5_err(context, 1, ret, "hdb_foreach");
break;
}
}
int
dump(struct dump_options *opt, int argc, char **argv)
{
krb5_error_code ret;
FILE *f;
HDB *db = NULL;
if(!local_flag) {
krb5_warnx(context, "dump is only available in local (-l) mode");
return 0;
}
db = _kadm5_s_get_db(kadm_handle);
if(argc == 0)
f = stdout;
else
f = fopen(argv[0], "w");
if(f == NULL) {
krb5_warn(context, errno, "open: %s", argv[0]);
goto out;
}
ret = db->hdb_open(context, db, O_RDONLY, 0600);
if(ret) {
krb5_warn(context, ret, "hdb_open");
goto out;
}
hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0,
hdb_print_entry, f);
db->hdb_close(context, db);
out:
if(f && f != stdout)
fclose(f);
return 0;
}
static int
send_complete (krb5_context context, slave *s,
const char *database, u_int32_t current_version)
{
krb5_error_code ret;
krb5_storage *sp;
HDB *db;
krb5_data data;
char buf[8];
ret = hdb_create (context, &db, database);
if (ret)
krb5_err (context, 1, ret, "hdb_create: %s", database);
ret = db->hdb_open (context, db, O_RDONLY, 0);
if (ret)
krb5_err (context, 1, ret, "db->open");
sp = krb5_storage_from_mem (buf, 4);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_mem");
krb5_store_int32 (sp, TELL_YOU_EVERYTHING);
krb5_storage_free (sp);
data.data = buf;
data.length = 4;
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
if (ret) {
krb5_warn (context, ret, "krb5_write_priv_message");
slave_dead(s);
return ret;
}
ret = hdb_foreach (context, db, 0, prop_one, s);
if (ret) {
krb5_warn (context, ret, "hdb_foreach");
slave_dead(s);
return ret;
}
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
sp = krb5_storage_from_mem (buf, 8);
if (sp == NULL)
krb5_errx (context, 1, "krb5_storage_from_mem");
krb5_store_int32 (sp, NOW_YOU_HAVE);
krb5_store_int32 (sp, current_version);
krb5_storage_free (sp);
data.length = 8;
s->version = current_version;
ret = krb5_write_priv_message(context, s->ac, &s->fd, &data);
if (ret) {
slave_dead(s);
krb5_warn (context, ret, "krb5_write_priv_message");
return ret;
}
slave_seen(s);
return 0;
}
static int
write_dump (krb5_context context, krb5_storage *dump,
const char *database, uint32_t current_version)
{
krb5_error_code ret;
krb5_storage *sp;
HDB *db;
krb5_data data;
char buf[8];
/* we assume that the caller has obtained an exclusive lock */
ret = krb5_storage_truncate(dump, 0);
if (ret)
return ret;
if (krb5_storage_seek(dump, 0, SEEK_SET) != 0)
return errno;
/*
* First we store zero as the HDB version, this will indicate to a
* later reader that the dumpfile is invalid. We later write the
* correct version in the file after we have written all of the
* messages. A dump with a zero version will not be considered
* to be valid.
*/
ret = krb5_store_uint32(dump, 0);
ret = hdb_create (context, &db, database);
if (ret)
krb5_err (context, IPROPD_RESTART, ret, "hdb_create: %s", database);
ret = db->hdb_open (context, db, O_RDONLY, 0);
if (ret)
krb5_err (context, IPROPD_RESTART, ret, "db->open");
sp = krb5_storage_from_mem (buf, 4);
if (sp == NULL)
krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem");
krb5_store_uint32 (sp, TELL_YOU_EVERYTHING);
krb5_storage_free (sp);
data.data = buf;
data.length = 4;
ret = krb5_store_data(dump, data);
if (ret) {
krb5_warn (context, ret, "write_dump");
return ret;
}
ret = hdb_foreach (context, db, HDB_F_ADMIN_DATA, dump_one, dump);
if (ret) {
krb5_warn (context, ret, "write_dump: hdb_foreach");
return ret;
}
(*db->hdb_close)(context, db);
(*db->hdb_destroy)(context, db);
sp = krb5_storage_from_mem (buf, 8);
if (sp == NULL)
krb5_errx (context, IPROPD_RESTART, "krb5_storage_from_mem");
ret = krb5_store_uint32(sp, NOW_YOU_HAVE);
if (ret == 0)
krb5_store_uint32(sp, current_version);
krb5_storage_free (sp);
data.length = 8;
if (ret == 0)
ret = krb5_store_data(dump, data);
/*
* We must ensure that the entire valid dump is written to disk
* before we write the current version at the front thus making
* it a valid dump file. If we crash around here, this can be
* important upon reboot.
*/
if (ret == 0)
ret = krb5_storage_fsync(dump);
if (ret == 0 && krb5_storage_seek(dump, 0, SEEK_SET) == -1)
ret = errno;
/* Write current version at the front making the dump valid */
if (ret == 0)
ret = krb5_store_uint32(dump, current_version);
/*
* We don't need to fsync(2) after the real version is written as
* it is not a disaster if it doesn't make it to disk if we crash.
* After all, we'll just create a new dumpfile.
*/
if (ret == 0)
krb5_warnx(context, "wrote new dumpfile (version %u)",
current_version);
else
krb5_warn(context, ret, "failed to write new dumpfile (version %u)",
current_version);
return ret;
}
int
dump(struct dump_options *opt, int argc, char **argv)
{
krb5_error_code (*func)(krb5_context, HDB *, hdb_entry_ex *, void *);
krb5_error_code ret;
void *arg;
const char *format = "heimdal";
FILE *f = NULL;
if (opt->format_string)
format = opt->format_string;
if (strcasecmp(format, "heimdal") == 0) {
func = hdb_print_entry;
if (argc == 0) {
arg = stdout;
} else {
arg = f = fopen(argv[0], "w");
if (f == NULL) {
krb5_warn(context, errno, "failed to open %s", argv[0]);
return 0;
}
}
#ifdef __APPLE__
} else if (strcasecmp(format, "od") == 0) {
func = od_dump_entry;
if (argc == 0)
arg = rk_UNCONST(".");
else
arg = argv[0];
#endif
} else {
krb5_warnx(context, "unknown dump format: %s", format);
return 0;
}
if (opt->mit_dump_file_string) {
ret = hdb_mit_dump(context, opt->mit_dump_file_string,
func, arg);
if (ret)
krb5_warn(context, ret, "hdb_mit_dump");
} else {
HDB *db = NULL;
if (!local_flag) {
krb5_warnx(context, "od-dump is only available in local (-l) mode");
return 0;
}
db = _kadm5_s_get_db(kadm_handle);
ret = db->hdb_open(context, db, O_RDONLY, 0600);
if (ret) {
krb5_warn(context, ret, "hdb_open");
goto out;
}
ret = hdb_foreach(context, db, opt->decrypt_flag ? HDB_F_DECRYPT : 0,
func, arg);
if (ret)
krb5_warn(context, ret, "hdb_foreach");
db->hdb_close(context, db);
}
if (f)
fclose(f);
out:
return ret != 0;
}