From fb2394d309f33bdccde3a4e17f6fd994d452b425 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 6 Nov 2005 14:15:34 +0000 Subject: r11536: Add a hook for client-principal access control to hdb-ldb, re-using the code in auth/auth_sam.c for consistancy. This will also allow us to have one place for a backend directory hook. I will use a very similar hook to add the PAC. Andrew Bartlett (This used to be commit 4315836cd8c94eb8340c4050804face4d0066810) --- source4/heimdal/kdc/misc.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'source4/heimdal/kdc/misc.c') diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c index 5a251607b6..b14bb50ea5 100644 --- a/source4/heimdal/kdc/misc.c +++ b/source4/heimdal/kdc/misc.c @@ -82,3 +82,59 @@ _kdc_free_ent(krb5_context context, hdb_entry *ent) free (ent); } +krb5_error_code +_kdc_db_fetch_ex(krb5_context context, + krb5_kdc_configuration *config, + krb5_principal principal, enum hdb_ent_type ent_type, + hdb_entry_ex **h) +{ + hdb_entry_ex *ent; + krb5_error_code ret = HDB_ERR_NOENTRY; + int i; + + ent = malloc (sizeof (*ent)); + if (ent == NULL) + return ENOMEM; + memset(ent, '\0', sizeof(*ent)); + + ent->entry.principal = principal; + + for(i = 0; i < config->num_db; i++) { + ret = config->db[i]->hdb_open(context, config->db[i], O_RDONLY, 0); + if (ret) { + kdc_log(context, config, 0, "Failed to open database: %s", + krb5_get_err_text(context, ret)); + continue; + } + if (config->db[i]->hdb_fetch_ex) { + ret = config->db[i]->hdb_fetch_ex(context, + config->db[i], + HDB_F_DECRYPT, + principal, + ent_type, + ent); + } else { + ret = config->db[i]->hdb_fetch(context, + config->db[i], + HDB_F_DECRYPT, + principal, + ent_type, + &ent->entry); + } + config->db[i]->hdb_close(context, config->db[i]); + if(ret == 0) { + *h = ent; + return 0; + } + } + free(ent); + return ret; +} + +void +_kdc_free_ent_ex(krb5_context context, hdb_entry_ex *ent) +{ + hdb_free_entry_ex (context, ent); + free (ent); +} + -- cgit