Exemplo n.º 1
0
krb5_error_code
krb5_ldap_parse_db_params(krb5_context context, char **db_args)
{
    char *opt = NULL, *val = NULL;
    krb5_error_code ret = 0;
    krb5_ldap_context *ctx = context->dal_handle->db_context;

    if (db_args == NULL)
        return 0;
    for (; *db_args != NULL; db_args++) {
        ret = get_db_opt(*db_args, &opt, &val);
        if (ret)
            goto cleanup;

        /* Check for options which don't require values. */
        if (!strcmp(opt, "temporary")) {
            /* "temporary" is passed by kdb5_util load without -update,
             * which we don't support. */
            ret = EINVAL;
            k5_setmsg(context, ret, _("KDB module requires -update argument"));
            goto cleanup;
        }

        if (val == NULL) {
            ret = EINVAL;
            k5_setmsg(context, ret, _("'%s' value missing"), opt);
            goto cleanup;
        }

        /* Check for options which do require arguments. */
        if (!strcmp(opt, "binddn")) {
            free(ctx->bind_dn);
            ctx->bind_dn = strdup(val);
            if (ctx->bind_dn == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "nconns")) {
            ctx->max_server_conns = atoi(val) ? atoi(val) :
                DEFAULT_CONNS_PER_SERVER;
        } else if (!strcmp(opt, "bindpwd")) {
            free(ctx->bind_pwd);
            ctx->bind_pwd = strdup(val);
            if (ctx->bind_pwd == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "sasl_mech")) {
            free(ctx->sasl_mech);
            ctx->sasl_mech = strdup(val);
            if (ctx->sasl_mech == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "sasl_authcid")) {
            free(ctx->sasl_authcid);
            ctx->sasl_authcid = strdup(val);
            if (ctx->sasl_authcid == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "sasl_authzid")) {
            free(ctx->sasl_authzid);
            ctx->sasl_authzid = strdup(val);
            if (ctx->sasl_authzid == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "sasl_realm")) {
            free(ctx->sasl_realm);
            ctx->sasl_realm = strdup(val);
            if (ctx->sasl_realm == NULL) {
                ret = ENOMEM;
                goto cleanup;
            }
        } else if (!strcmp(opt, "host")) {
            ret = add_server_entry(context, val);
            if (ret)
                goto cleanup;
        } else if (!strcmp(opt, "debug")) {
            ctx->ldap_debug = atoi(val);
        } else {
            ret = EINVAL;
            k5_setmsg(context, ret, _("unknown option '%s'"), opt);
            goto cleanup;
        }

        free(opt);
        free(val);
        opt = val = NULL;
    }

cleanup:
    free(opt);
    free(val);
    return ret;
}
Exemplo n.º 2
0
/* Using db_args and the profile, initialize the configurable parameters of the
 * DB context inside context. */
static krb5_error_code
configure_context(krb5_context context, char *conf_section, char **db_args)
{
    krb5_error_code status;
    krb5_db2_context *dbc;
    char **t_ptr, *opt = NULL, *val = NULL, *pval = NULL;
    profile_t profile = KRB5_DB_GET_PROFILE(context);
    int bval;

    status = ctx_get(context, &dbc);
    if (status != 0)
        return status;

    /* Allow unlockiter to be overridden by command line db_args. */
    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_UNLOCKITER, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->unlockiter = bval;

    for (t_ptr = db_args; t_ptr && *t_ptr; t_ptr++) {
        free(opt);
        free(val);
        status = get_db_opt(*t_ptr, &opt, &val);
        if (opt && !strcmp(opt, "dbname")) {
            dbc->db_name = strdup(val);
            if (dbc->db_name == NULL) {
                status = ENOMEM;
                goto cleanup;
            }
        }
        else if (!opt && !strcmp(val, "temporary")) {
            dbc->tempdb = 1;
        } else if (!opt && !strcmp(val, "merge_nra")) {
            ;
        } else if (opt && !strcmp(opt, "hash")) {
            dbc->hashfirst = TRUE;
        } else if (!opt && !strcmp(val, "unlockiter")) {
            dbc->unlockiter = TRUE;
        } else if (!opt && !strcmp(val, "lockiter")) {
            dbc->unlockiter = FALSE;
        } else {
            status = EINVAL;
            k5_setmsg(context, status,
                      _("Unsupported argument \"%s\" for db2"),
                      opt ? opt : val);
            goto cleanup;
        }
    }

    if (dbc->db_name == NULL) {
        /* Check for database_name in the db_module section. */
        status = profile_get_string(profile, KDB_MODULE_SECTION, conf_section,
                                    KDB_DB2_DATABASE_NAME, NULL, &pval);
        if (status == 0 && pval == NULL) {
            /* For compatibility, check for database_name in the realm. */
            status = profile_get_string(profile, KDB_REALM_SECTION,
                                        KRB5_DB_GET_REALM(context),
                                        KDB_DB2_DATABASE_NAME,
                                        DEFAULT_KDB_FILE, &pval);
        }
        if (status != 0)
            goto cleanup;
        dbc->db_name = strdup(pval);
    }

    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_DISABLE_LAST_SUCCESS, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->disable_last_success = bval;

    status = profile_get_boolean(profile, KDB_MODULE_SECTION, conf_section,
                                 KRB5_CONF_DISABLE_LOCKOUT, FALSE, &bval);
    if (status != 0)
        goto cleanup;
    dbc->disable_lockout = bval;

cleanup:
    free(opt);
    free(val);
    profile_release_string(pval);
    return status;
}