krb5_error_code krb5_ldap_parse_db_params(krb5_context context, char **db_args) { char *opt = NULL, *val = NULL; krb5_error_code ret = 0; krb5_ldap_context *ctx = context->dal_handle->db_context; if (db_args == NULL) return 0; for (; *db_args != NULL; db_args++) { ret = get_db_opt(*db_args, &opt, &val); if (ret) goto cleanup; /* Check for options which don't require values. */ if (!strcmp(opt, "temporary")) { /* "temporary" is passed by kdb5_util load without -update, * which we don't support. */ ret = EINVAL; k5_setmsg(context, ret, _("KDB module requires -update argument")); goto cleanup; } if (val == NULL) { ret = EINVAL; k5_setmsg(context, ret, _("'%s' value missing"), opt); goto cleanup; } /* Check for options which do require arguments. */ if (!strcmp(opt, "binddn")) { free(ctx->bind_dn); ctx->bind_dn = strdup(val); if (ctx->bind_dn == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "nconns")) { ctx->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER; } else if (!strcmp(opt, "bindpwd")) { free(ctx->bind_pwd); ctx->bind_pwd = strdup(val); if (ctx->bind_pwd == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "sasl_mech")) { free(ctx->sasl_mech); ctx->sasl_mech = strdup(val); if (ctx->sasl_mech == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "sasl_authcid")) { free(ctx->sasl_authcid); ctx->sasl_authcid = strdup(val); if (ctx->sasl_authcid == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "sasl_authzid")) { free(ctx->sasl_authzid); ctx->sasl_authzid = strdup(val); if (ctx->sasl_authzid == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "sasl_realm")) { free(ctx->sasl_realm); ctx->sasl_realm = strdup(val); if (ctx->sasl_realm == NULL) { ret = ENOMEM; goto cleanup; } } else if (!strcmp(opt, "host")) { ret = add_server_entry(context, val); if (ret) goto cleanup; } else if (!strcmp(opt, "debug")) { ctx->ldap_debug = atoi(val); } else { ret = EINVAL; k5_setmsg(context, ret, _("unknown option '%s'"), opt); goto cleanup; } free(opt); free(val); opt = val = NULL; } cleanup: free(opt); free(val); return ret; }
/* Using db_args and the profile, initialize the configurable parameters of the * DB context inside context. */ static krb5_error_code configure_context(krb5_context context, char *conf_section, char **db_args) { krb5_error_code status; krb5_db2_context *dbc; char **t_ptr, *opt = NULL, *val = NULL, *pval = NULL; profile_t profile = KRB5_DB_GET_PROFILE(context); int bval; status = ctx_get(context, &dbc); if (status != 0) return status; /* Allow unlockiter to be overridden by command line db_args. */ status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section, KRB5_CONF_UNLOCKITER, FALSE, &bval); if (status != 0) goto cleanup; dbc->unlockiter = bval; for (t_ptr = db_args; t_ptr && *t_ptr; t_ptr++) { free(opt); free(val); status = get_db_opt(*t_ptr, &opt, &val); if (opt && !strcmp(opt, "dbname")) { dbc->db_name = strdup(val); if (dbc->db_name == NULL) { status = ENOMEM; goto cleanup; } } else if (!opt && !strcmp(val, "temporary")) { dbc->tempdb = 1; } else if (!opt && !strcmp(val, "merge_nra")) { ; } else if (opt && !strcmp(opt, "hash")) { dbc->hashfirst = TRUE; } else if (!opt && !strcmp(val, "unlockiter")) { dbc->unlockiter = TRUE; } else if (!opt && !strcmp(val, "lockiter")) { dbc->unlockiter = FALSE; } else { status = EINVAL; k5_setmsg(context, status, _("Unsupported argument \"%s\" for db2"), opt ? opt : val); goto cleanup; } } if (dbc->db_name == NULL) { /* Check for database_name in the db_module section. */ status = profile_get_string(profile, KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME, NULL, &pval); if (status == 0 && pval == NULL) { /* For compatibility, check for database_name in the realm. */ status = profile_get_string(profile, KDB_REALM_SECTION, KRB5_DB_GET_REALM(context), KDB_DB2_DATABASE_NAME, DEFAULT_KDB_FILE, &pval); } if (status != 0) goto cleanup; dbc->db_name = strdup(pval); } status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section, KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval); if (status != 0) goto cleanup; dbc->disable_last_success = bval; status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section, KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval); if (status != 0) goto cleanup; dbc->disable_lockout = bval; cleanup: free(opt); free(val); profile_release_string(pval); return status; }