Esempio n. 1
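/* Replace the heap string stored at *field with a copy of val.  The old value
 * is freed first, so *field is NULL if the copy fails.  Returns 0 on success
 * or ENOMEM if strdup() fails. */
static krb5_error_code
replace_ctx_string(char **field, const char *val)
{
    free(*field);
    *field = strdup(val);
    return (*field == NULL) ? ENOMEM : 0;
}

/*
 * Apply each entry of the NULL-terminated db_args list to the LDAP context
 * stored in context->dal_handle->db_context.
 *
 * Each entry is split into an option name and a value by get_db_opt().  String
 * options replace any previously stored value; "host" entries are handed to
 * add_server_entry().  Returns 0 on success (including db_args == NULL),
 * EINVAL for "temporary", a missing value or an unknown option, ENOMEM if a
 * copy fails, or whatever get_db_opt()/add_server_entry() return.  Options
 * processed before a failing entry stay applied to the context.
 */
krb5_error_code
krb5_ldap_parse_db_params(krb5_context context, char **db_args)
{
    char *opt = NULL, *val = NULL;
    krb5_error_code ret = 0;
    krb5_ldap_context *ctx = context->dal_handle->db_context;
    int nconns;

    if (db_args == NULL)
        return 0;
    for (; *db_args != NULL; db_args++) {
        ret = get_db_opt(*db_args, &opt, &val);
        if (ret)
            goto cleanup;

        /* Check for options which don't require values. */
        if (!strcmp(opt, "temporary")) {
            /* "temporary" is passed by kdb5_util load without -update,
             * which we don't support. */
            ret = EINVAL;
            k5_setmsg(context, ret, _("KDB module requires -update argument"));
            goto cleanup;
        }

        if (val == NULL) {
            ret = EINVAL;
            k5_setmsg(context, ret, _("'%s' value missing"), opt);
            goto cleanup;
        }

        /* Check for options which do require arguments. */
        if (!strcmp(opt, "binddn")) {
            ret = replace_ctx_string(&ctx->bind_dn, val);
        } else if (!strcmp(opt, "nconns")) {
            /* Parse once.  Non-numeric, zero and negative values all fall
             * back to the default; a negative connection count is never
             * meaningful.
             * NOTE(review): atoi() has no defined result for out-of-range
             * input; a strtol()-based parse with an explicit upper bound
             * would be stricter. */
            nconns = atoi(val);
            ctx->max_server_conns = (nconns > 0) ? nconns :
                DEFAULT_CONNS_PER_SERVER;
        } else if (!strcmp(opt, "bindpwd")) {
            /* NOTE(review): the bind password arrives as a plain db_arg.  If
             * callers take db_args from a command line, the value may be
             * visible to other local users through the process list; confirm
             * how it is supplied.  The previous password is released with
             * plain free() and is not wiped first. */
            ret = replace_ctx_string(&ctx->bind_pwd, val);
        } else if (!strcmp(opt, "sasl_mech")) {
            ret = replace_ctx_string(&ctx->sasl_mech, val);
        } else if (!strcmp(opt, "sasl_authcid")) {
            ret = replace_ctx_string(&ctx->sasl_authcid, val);
        } else if (!strcmp(opt, "sasl_authzid")) {
            ret = replace_ctx_string(&ctx->sasl_authzid, val);
        } else if (!strcmp(opt, "sasl_realm")) {
            ret = replace_ctx_string(&ctx->sasl_realm, val);
        } else if (!strcmp(opt, "host")) {
            ret = add_server_entry(context, val);
        } else if (!strcmp(opt, "debug")) {
            /* Non-numeric input yields 0 from atoi(). */
            ctx->ldap_debug = atoi(val);
        } else {
            ret = EINVAL;
            k5_setmsg(context, ret, _("unknown option '%s'"), opt);
            goto cleanup;
        }
        if (ret)
            goto cleanup;

        /* Release this entry's strings and clear the pointers so the cleanup
         * path cannot free them a second time. */
        free(opt);
        free(val);
        opt = val = NULL;
    }

cleanup:
    free(opt);
    free(val);
    return ret;
}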
Esempio n. 2
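/*
 * Using db_args and the profile, initialize the configurable parameters of the
 * DB context inside context.
 *
 * Profile values are read from conf_section under KDB_MODULE_SECTION; db_args
 * entries are applied afterwards and so override the profile's unlockiter
 * setting.  If no "dbname" argument is given, the database name comes from the
 * module section, then from the realm section, then from DEFAULT_KDB_FILE.
 * Returns 0 on success, EINVAL for an unsupported argument, ENOMEM if a copy
 * fails, or the error from ctx_get(), get_db_opt() or the profile calls.
 */
static krb5_error_code
configure_context(krb5_context context, char *conf_section, char **db_args)
{
    krb5_error_code status;
    krb5_db2_context *dbc;
    char **t_ptr, *opt = NULL, *val = NULL, *pval = NULL;
    profile_t profile = KRB5_DB_GET_PROFILE(context);
    int bval;

    status = ctx_get(context, &dbc);
    if (status != 0)
        return status;

    /* Allow unlockiter to be overridden by command line db_args. */
    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_UNLOCKITER, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->unlockiter = bval;

    for (t_ptr = db_args; t_ptr && *t_ptr; t_ptr++) {
        /* Drop the previous entry's strings and clear the pointers, so that a
         * failing get_db_opt() cannot leave stale pointers behind for the
         * comparisons below or for the frees at cleanup. */
        free(opt);
        free(val);
        opt = val = NULL;
        status = get_db_opt(*t_ptr, &opt, &val);
        /* Stop on a parse failure instead of comparing possibly-NULL strings.
         * Assumes get_db_opt() sets val whenever it returns 0 -- confirm
         * against its definition. */
        if (status != 0)
            goto cleanup;
        if (opt && !strcmp(opt, "dbname")) {
            /* NOTE(review): any db_name already stored is overwritten without
             * being freed; confirm whether a repeated "dbname" can leak. */
            dbc->db_name = strdup(val);
            if (dbc->db_name == NULL) {
                status = ENOMEM;
                goto cleanup;
            }
        }
        else if (!opt && !strcmp(val, "temporary")) {
            dbc->tempdb = 1;
        } else if (!opt && !strcmp(val, "merge_nra")) {
            /* Accepted, but nothing is configured for it here. */
            ;
        } else if (opt && !strcmp(opt, "hash")) {
            dbc->hashfirst = TRUE;
        } else if (!opt && !strcmp(val, "unlockiter")) {
            dbc->unlockiter = TRUE;
        } else if (!opt && !strcmp(val, "lockiter")) {
            dbc->unlockiter = FALSE;
        } else {
            status = EINVAL;
            k5_setmsg(context, status,
                      _("Unsupported argument \"%s\" for db2"),
                      opt ? opt : val);
            goto cleanup;
        }
    }

    if (dbc->db_name == NULL) {
        /* Check for database_name in the db_module section. */
        status = profile_get_string(profile, KDB_MODULE_SECTION, conf_section,
                                    KDB_DB2_DATABASE_NAME, NULL, &pval);
        if (status == 0 && pval == NULL) {
            /* For compatibility, check for database_name in the realm. */
            status = profile_get_string(profile, KDB_REALM_SECTION,
                                        KRB5_DB_GET_REALM(context),
                                        KDB_DB2_DATABASE_NAME,
                                        DEFAULT_KDB_FILE, &pval);
        }
        if (status != 0)
            goto cleanup;
        /* Report a failed copy rather than returning success with no
         * database name set. */
        dbc->db_name = strdup(pval);
        if (dbc->db_name == NULL) {
            status = ENOMEM;
            goto cleanup;
        }
    }

    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->disable_last_success = bval;

    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->disable_lockout = bval;

cleanup:
    free(opt);
    free(val);
    profile_release_string(pval);
    return status;
}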