passdb: Use dom_sid_str_buf
[amitay/samba.git] / source4 / kdc / mit-kdb / kdb_samba.c
1 /*
2    Unix SMB/CIFS implementation.
3
4    Samba KDB plugin for MIT Kerberos
5
6    Copyright (c) 2010      Simo Sorce <idra@samba.org>.
7    Copyright (c) 2014      Andreas Schneider <asn@samba.org>
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24
25 #include "system/kerberos.h"
26
27 #include <profile.h>
28 #include <kdb.h>
29
30 #include "kdc/mit_samba.h"
31 #include "kdb_samba.h"
32
/*
 * Library-level initialisation hook, installed as .init_library in
 * kdb_function_table.
 *
 * This function sets up no state of its own and always reports success (0).
 */
static krb5_error_code kdb_samba_init_library(void)
{
        const krb5_error_code ok = 0;

        return ok;
}
37
/*
 * Library-level teardown hook, installed as .fini_library in
 * kdb_function_table.
 *
 * There is nothing to release here, so it always reports success (0).
 */
static krb5_error_code kdb_samba_fini_library(void)
{
        const krb5_error_code ok = 0;

        return ok;
}
42
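/*
 * Module initialisation hook: create the Samba backend context and attach
 * it to the Kerberos context.
 *
 * conf_section, db_args and mode are accepted for the plugin interface but
 * are not read by this function.
 *
 * Returns 0 on success, ENOMEM when mit_samba_context_init() reports any
 * failure, or the error code returned by krb5_db_set_context().
 */
static krb5_error_code kdb_samba_init_module(krb5_context context,
                                             char *conf_section,
                                             char **db_args,
                                             int mode)
{
        struct mit_samba_context *mit_ctx = NULL;
        krb5_error_code code;
        int rc;

        rc = mit_samba_context_init(&mit_ctx);
        if (rc != 0) {
                /*
                 * Every non-zero result is reported as ENOMEM; the value
                 * of rc itself is not passed on to the caller.
                 */
                return ENOMEM;
        }

        code = krb5_db_set_context(context, mit_ctx);
        if (code != 0) {
                /*
                 * The context could not be attached, so fini_module will
                 * never find it. Release it here rather than leaking it.
                 * NOTE(review): assumes a failing krb5_db_set_context()
                 * did not store the pointer - confirm.
                 */
                mit_samba_context_free(mit_ctx);
        }

        return code;
}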
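/*
 * Module teardown hook: release the Samba backend context attached to the
 * Kerberos context, if there is one.
 *
 * Always returns 0. A context with no backend attached is not an error.
 */
static krb5_error_code kdb_samba_fini_module(krb5_context context)
{
        struct mit_samba_context *mit_ctx = ks_get_context(context);

        if (mit_ctx == NULL) {
                return 0;
        }

        mit_samba_context_free(mit_ctx);

        /*
         * Drop the stored pointer as well: without this the Kerberos
         * context keeps referring to freed memory, and a second call to
         * this hook (or any later ks_get_context() user) would operate on
         * it. The result is ignored because teardown reports success
         * regardless.
         */
        (void)krb5_db_set_context(context, NULL);

        return 0;
}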
76
/*
 * Database creation hook. Only kadmin uses it, and this backend does not
 * support it: the call always fails with KRB5_KDB_DBTYPE_NOSUP and none of
 * the arguments are read.
 */
static krb5_error_code kdb_samba_db_create(krb5_context context,
                                           char *conf_section,
                                           char **db_args)
{
        (void)context;
        (void)conf_section;
        (void)db_args;

        return KRB5_KDB_DBTYPE_NOSUP;
}
84
/*
 * Database destruction hook. Only kadmin uses it, and this backend does not
 * support it: the call always fails with KRB5_KDB_DBTYPE_NOSUP and none of
 * the arguments are read.
 */
static krb5_error_code kdb_samba_db_destroy(krb5_context context,
                                            char *conf_section,
                                            char **db_args)
{
        (void)context;
        (void)conf_section;
        (void)db_args;

        return KRB5_KDB_DBTYPE_NOSUP;
}
92
/*
 * Report the "age" of the database through *age and return 0.
 *
 * TODO: this should be the last modification time of the database. The
 * value is used by, and affects only, the lookaside cache. Samba does not
 * keep it readily available and obtaining it would need a full database
 * search, so the implementation is deferred until needed and the current
 * time is reported instead.
 *
 * context and db_name are not read. age is written unconditionally, so the
 * caller must pass a valid pointer.
 */
static krb5_error_code kdb_samba_db_get_age(krb5_context context,
                                            char *db_name,
                                            time_t *age)
{
        const time_t now = time(NULL);

        *age = now;

        return 0;
}
108
/*
 * Database lock hook; a no-op that always returns 0.
 *
 * Locking matters only for kadmin. It is deferred here because Samba's
 * database cannot be locked easily, and locking would make little sense
 * anyway: the database is shared and supports transactions.
 */
static krb5_error_code kdb_samba_db_lock(krb5_context context, int kmode)
{
        (void)context;
        (void)kmode;

        return 0;
}
118
/*
 * Database unlock hook; a no-op that always returns 0.
 *
 * Unlocking matters only for kadmin. It is deferred here because Samba's
 * database cannot be locked easily, and locking would make little sense
 * anyway: the database is shared and supports transactions.
 */
static krb5_error_code kdb_samba_db_unlock(krb5_context context)
{
        (void)context;

        return 0;
}
128
/*
 * Release the backend data hung off a principal entry.
 *
 * e_data must be a talloc-allocated struct samba_kdc_entry:
 * talloc_get_type_abort() aborts the process when it is not, so a pointer
 * of any other origin never reaches the free below. context is not read.
 */
static void kdb_samba_db_free_principal_e_data(krb5_context context,
                                               krb5_octet *e_data)
{
        struct samba_kdc_entry *skdc_entry =
                talloc_get_type_abort(e_data, struct samba_kdc_entry);

        /*
         * Clear the destructor before freeing, so the free below runs no
         * destructor for this entry.
         */
        talloc_set_destructor(skdc_entry, NULL);
        TALLOC_FREE(skdc_entry);
}
139
/*
 * Function table through which the KDB plugin's hooks are exposed.
 * Handlers not defined in this listing are implemented elsewhere.
 */
kdb_vftabl kdb_function_table = {
        /* Interface version. */
        .maj_ver = KRB5_KDB_DAL_MAJOR_VERSION,
        .min_ver = 1,

        /* Library and module lifecycle. */
        .init_library = kdb_samba_init_library,
        .fini_library = kdb_samba_fini_library,
        .init_module = kdb_samba_init_module,
        .fini_module = kdb_samba_fini_module,

        /*
         * Database management: create and destroy are unsupported, while
         * lock and unlock are no-ops.
         */
        .create = kdb_samba_db_create,
        .destroy = kdb_samba_db_destroy,
        .get_age = kdb_samba_db_get_age,
        .lock = kdb_samba_db_lock,
        .unlock = kdb_samba_db_unlock,

        /* Principal access. */
        .get_principal = kdb_samba_db_get_principal,
        .put_principal = kdb_samba_db_put_principal,
        .delete_principal = kdb_samba_db_delete_principal,

        .iterate = kdb_samba_db_iterate,

        /* Master key handling. */
        .fetch_master_key = kdb_samba_fetch_master_key,
        .fetch_master_key_list = kdb_samba_fetch_master_key_list,

        .change_pwd = kdb_samba_change_pwd,

        /* Key data encryption and decryption. */
        .decrypt_key_data = kdb_samba_dbekd_decrypt_key_data,
        .encrypt_key_data = kdb_samba_dbekd_encrypt_key_data,

        /* Authorization data, policy and audit hooks. */
        .sign_authdata = kdb_samba_db_sign_auth_data,
        .check_policy_as = kdb_samba_db_check_policy_as,
        .audit_as_req = kdb_samba_db_audit_as_req,
        .check_allowed_to_delegate = kdb_samba_db_check_allowed_to_delegate,

        /* Cleanup of per-principal backend data. */
        .free_principal_e_data = kdb_samba_db_free_principal_e_data,
};