diff --git a/aws/security_plugins/db2-aws-iam/README.md b/aws/security_plugins/db2-aws-iam/README.md index 381ad02..796a4f8 100644 --- a/aws/security_plugins/db2-aws-iam/README.md +++ b/aws/security_plugins/db2-aws-iam/README.md @@ -26,8 +26,6 @@ sh build_aws_sdk.sh $OPENSSL_VER 3. Build the plugin ```shell -export INSTALLED_OPENSSL=$(openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }') -export INSTALLED_JSON_C=$(yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }') make ``` @@ -67,8 +65,6 @@ exit docker exec -ti mydb2 bash -c "su - db2inst1" declare -x DB2_HOME="${HOME}/sqllib" cd /mnt/db2-aws-iam -export INSTALLED_OPENSSL=$(openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }') -export INSTALLED_JSON_C=$(yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }') make ``` diff --git a/aws/security_plugins/db2-aws-iam/src/Makefile b/aws/security_plugins/db2-aws-iam/src/Makefile index adf5d78..562e45b 100755 --- a/aws/security_plugins/db2-aws-iam/src/Makefile +++ b/aws/security_plugins/db2-aws-iam/src/Makefile @@ -14,6 +14,9 @@ GROUP_MODULE := $(PLUGINDIR)/group/$(PRINCIPAL_NAME)group.so AWS_SDK_LIBS := -L/usr/local/lib64 -laws-cpp-sdk-core -laws-cpp-sdk-cognito-idp -Wl,-rpath,/opt/ibm/db2/V11.5/lib64 CPPLIBS := -lstdc++ +export INSTALLED_OPENSSL := $(shell openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }') +export INSTALLED_JSON_C := $(shell yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }') + _dummy := $(shell mkdir -p $(OBJDIR)) _dummy := $(shell mkdir -p $(OUTPUTDIR)) _dummy := $(shell mkdir -p $(PLUGINDIR)/server) diff --git a/aws/security_plugins/db2-aws-iam/src/configSecPlugin.sh b/aws/security_plugins/db2-aws-iam/src/configSecPlugin.sh index 4f20cbe..f3c947f 100755 
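Review bot: The two new `export INSTALLED_OPENSSL :=` / `export INSTALLED_JSON_C :=` lines pass `$2` and `$1$2$3` to awk inside `$(shell ...)`, but make expands `$2`, `$1`, `$3` as (empty) make variables before the pipeline runs, so awk receives `{print }` / `{ print }`, echoes whole lines, and the variables no longer hold the digit strings the README's shell commands produced. Every `$` meant for awk must be doubled: `export INSTALLED_OPENSSL := $(shell openssl version | awk '{print $$2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $$1$$2$$3 }')`, and `awk -F. '{ print $$1$$2$$3 }'` in the json-c line as well. Since these values are exported to the compile (presumably to select version-dependent code paths — not visible here), a wrong or empty value would silently pick the wrong path; an `ifeq ($(INSTALLED_OPENSSL),)` / `$(error ...)` guard after the two lines would make that a build failure instead.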
--- a/aws/security_plugins/db2-aws-iam/src/configSecPlugin.sh +++ b/aws/security_plugins/db2-aws-iam/src/configSecPlugin.sh @@ -22,7 +22,7 @@ else db2 update dbm cfg using AUTHENTICATION GSSPLUGIN db2 update dbm cfg using srvcon_auth GSS_SERVER_ENCRYPT db2 update dbm cfg using group_plugin ${PRINCIPAL_NAME}group - db2 update dbm cfg using sysadm_group NULL + #db2 update dbm cfg using sysadm_group NULL db2set DB2AUTH=OSAUTHDB,ALLOW_LOCAL_FALLBACK,PLUGIN_AUTO_RELOAD fi diff --git a/aws/security_plugins/db2-aws-iam/src/gss/AWSIAMauthclient.c b/aws/security_plugins/db2-aws-iam/src/gss/AWSIAMauthclient.c index d35f554..73ba53b 100644 --- a/aws/security_plugins/db2-aws-iam/src/gss/AWSIAMauthclient.c +++ b/aws/security_plugins/db2-aws-iam/src/gss/AWSIAMauthclient.c @@ -317,7 +317,6 @@ SQL_API_RC SQL_API_FN GenerateInitialCredUserPassword char *localErrorMsg = NULL; char oneNullByte[] = {'\0'}; - IAM_TRACE_ENTRY("GenerateInitialCredUserPassword"); if (newpasswordLen > 0) 
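Review bot: Commenting out `db2 update dbm cfg using sysadm_group NULL` leaves SYSADM_GROUP at whatever value the instance already has, with nothing saying why, while the surrounding lines still switch authentication and group lookup to the `${PRINCIPAL_NAME}group` plugin. SYSADM_GROUP determines which group receives instance-level administrative authority, so this is a privilege-boundary setting that should not survive as dead code. Either delete the line or replace it with a comment recording the intent, e.g. `# SYSADM_GROUP intentionally left unchanged (<reason>); it presumably has to be a group the ${PRINCIPAL_NAME}group plugin can resolve — confirm`.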
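Review bot: Dropping `IAM_TRACE_ENTRY("GenerateInitialCredUserPassword");` makes this the only function in the commit that loses its entry trace — `ProcessServerPrincipalName` and `gss_init_sec_context` keep theirs in the later hunks — and nothing in the change explains it; if the matching `IAM_TRACE_EXIT` (outside this hunk) is still present, entry and exit traces no longer pair. If the removal is deliberate, say so next to the declarations, e.g. `/* no entry trace here: <reason> */`; otherwise restore the line. GenerateInitialCredUserPassword starts and ends outside the hunk.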
@@ -545,118 +544,6 @@ SQL_API_RC SQL_API_FN GenerateInitialCredAccessToken goto exit; } -/* - * GenerateInitialCredApiKey - */ -SQL_API_RC SQL_API_FN GenerateInitialCredApiKey -( - const char *apikey, - db2int32 apikeyLen, - const char *apikeyspace, - db2int32 apikeyspaceLen, - db2int32 apikeyspaceType, - const char *dbname, - db2int32 dbnameLen, - gss_cred_id_t *pGSSCredHandle, - void **ppInitInfo, - char **errorMsg, - db2int32 *errorMsgLen -) -{ - int rc = DB2SEC_PLUGIN_OK; - CRED_T *pCred; - char *localErrorMsg = NULL; - char oneNullByte[] = {'\0'}; - const char *userid; - db2int32 useridLen; - IAM_TRACE_ENTRY("GenerateInitialCredApiKey"); - - if (!pGSSCredHandle) - { - localErrorMsg = "GenerateInitialCredApiKey: pGSSCredHandle == NULL"; - rc = DB2SEC_PLUGIN_UNKNOWNERROR; - goto exit; - } - - /* Check lengths */ - if (apikeyLen > TOKEN_MAX_AUTH_TOKEN_LEN) - { - rc = DB2SEC_PLUGIN_BADPWD; - localErrorMsg = "GenerateInitialCredApiKey: access token too long"; - goto exit; - } - - pCred = (CRED_T *)malloc(sizeof(CRED_T)); - if (pCred == NULL) - { - goto malloc_fail; - } - memset(pCred, '\0', sizeof(CRED_T)); - - /* Deal with NULL userids and passwords by using a one-byte - * string containing only a NULL. We flow this to the server - * and let it decide. 
- */ - - pCred->authtype = DB2SEC_AUTH_APIKEY; - - //pCred->useridLen = 0; - //pCred->userid = NULL; - userid = oneNullByte; - useridLen = 1; - pCred->useridLen = useridLen; - pCred->userid = (char *)malloc(useridLen); - if (pCred->userid == NULL) - { - goto malloc_fail; - } - memcpy(pCred->userid, userid, useridLen); - - pCred->authtokenLen = apikeyLen; - pCred->authtoken = (char *)malloc(apikeyLen); - if (pCred->authtoken == NULL) - { - goto malloc_fail; - } - memcpy(pCred->authtoken, apikey, apikeyLen); - - *pGSSCredHandle = (gss_cred_id_t)pCred; - -exit: - - /* No init info */ - if (ppInitInfo != NULL) - { - *ppInitInfo = NULL; - } - - if (localErrorMsg != NULL) - { - *errorMsg = localErrorMsg; - *errorMsgLen = strlen(localErrorMsg); - } - else - { - *errorMsg = NULL; - *errorMsgLen = 0; - } - IAM_TRACE_EXIT("GenerateInitialCredApiKey",rc); - - return(rc); - -malloc_fail: - if (pCred != NULL) - { - if (pCred->authtoken != NULL) free(pCred->authtoken); - if (pCred->userid != NULL) free(pCred->userid); - free(pCred); - } - - localErrorMsg = "GenerateInitialCredApiKey: malloc failed"; - rc = DB2SEC_PLUGIN_NOMEM; - - goto exit; -} /****************************************************************************** * @@ -689,7 +576,7 @@ SQL_API_RC SQL_API_FN ProcessServerPrincipalName int rc = DB2SEC_PLUGIN_OK; NAME_T *pName; IAM_TRACE_ENTRY("ProcessServerPrincipalName"); - + /* No error messages */ *errorMsg = NULL; *errorMsgLen = 0; @@ -861,7 +748,7 @@ OM_uint32 SQL_API_FN gss_init_sec_context char *errMsg = NULL; int length; IAM_TRACE_ENTRY("gss_init_sec_context"); - + /* Check for unsupported options */ if (context_handle == NULL) { 
@@ -1140,7 +1027,6 @@ SQL_API_RC SQL_API_FN db2secClientAuthPluginInit pFPs->db2secGetDefaultLoginContext = GetDefaultLoginContext; pFPs->db2secGenerateInitialCred = GenerateInitialCredUserPassword; pFPs->db2secGenerateInitialCredAccessToken = GenerateInitialCredAccessToken; - pFPs->db2secGenerateInitialCredApiKey = GenerateInitialCredApiKey; pFPs->db2secProcessServerPrincipalName = ProcessServerPrincipalName; pFPs->db2secFreeToken = FreeToken; pFPs->db2secFreeInitInfo = FreeInitInfo; diff --git a/aws/security_plugins/db2-aws-iam/src/test/Makefile b/aws/security_plugins/db2-aws-iam/src/test/Makefile index 1d9025c..7cc0a64 100755 --- a/aws/security_plugins/db2-aws-iam/src/test/Makefile +++ b/aws/security_plugins/db2-aws-iam/src/test/Makefile @@ -7,6 +7,8 @@ GROUP_MODULE := $(PRINCIPAL_NAME)group.so AWS_SDK_LIBS := -L/usr/local/lib64 -laws-cpp-sdk-core -laws-cpp-sdk-cognito-idp -Wl,-rpath,/usr/local/lib64 CPPLIBS := -lstdc++ +export INSTALLED_OPENSSL := $(shell openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }') +export INSTALLED_JSON_C := $(shell yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }') CXXFLAGS := -D_GLIBCXX_USE_CXX11_ABI=0 diff --git a/aws/security_plugins/db2-aws-iam/src/test/teardown_cognito.sh b/aws/security_plugins/db2-aws-iam/src/test/teardown_cognito.sh index 3b403ad..914895f 100755 --- a/aws/security_plugins/db2-aws-iam/src/test/teardown_cognito.sh +++ b/aws/security_plugins/db2-aws-iam/src/test/teardown_cognito.sh @@ -7,7 +7,7 @@ if [[ -f ./env.sh ]]; then aws cognito-idp delete-user-pool --user-pool-id "$USERPOOLID" fi if [[ -f $AWS_USERPOOL_CFG_ENV ]]; then - rm -f $AWS_USERPOOL_CFG_ENV + rm -f $DB2_HOME$AWS_USERPOOL_CFG_ENV fi rm -f ./env.sh fi
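Review bot: Removing `pFPs->db2secGenerateInitialCredApiKey = GenerateInitialCredApiKey;` leaves that slot in the function-pointer table unassigned rather than explicitly cleared; unless Db2 zero-fills `pFPs` before calling db2secClientAuthPluginInit (not visible here), the entry keeps whatever the memory held and a client presenting an API key could make the engine call through an uninitialised function pointer. Set it explicitly so the unsupported path is deterministic: `pFPs->db2secGenerateInitialCredApiKey = NULL; /* API-key credentials are not supported by this plugin */`. The diff also contains no change to the server-side plugin, so if it still accepts `DB2SEC_AUTH_APIKEY` credentials that path remains reachable from older clients — worth confirming. The rest of db2secClientAuthPluginInit lies outside the hunk.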
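Review bot: In the new `export INSTALLED_OPENSSL :=` / `export INSTALLED_JSON_C :=` lines, `$2` and `$1$2$3` are inside a Makefile `$(shell ...)`, where make expands them as (empty) make variables before awk sees them, so awk prints whole lines and the variables do not receive the digit strings the equivalent shell commands produce. Double every `$` meant for awk: `awk '{print $$2}'` and `awk -F. '{ print $$1$$2$$3 }'` in both lines.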
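Review bot: The guard on the preceding line, `if [[ -f $AWS_USERPOOL_CFG_ENV ]]`, still tests the un-prefixed path while the new `rm -f $DB2_HOME$AWS_USERPOOL_CFG_ENV` removes the prefixed one, so the config file is only deleted when a same-named file also happens to exist relative to the current directory and is otherwise left behind by the teardown. Both should use the same quoted path: `if [[ -f "${DB2_HOME}${AWS_USERPOOL_CFG_ENV}" ]]; then` / `rm -f "${DB2_HOME}${AWS_USERPOOL_CFG_ENV}"`. The bare concatenation also assumes `AWS_USERPOOL_CFG_ENV` begins with `/` (or `DB2_HOME` ends with one) and that `DB2_HOME` is set; when it is empty the command silently falls back to the relative path.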