Some more cleanup

Author: npanpaliya

aws/security_plugins/db2-aws-iam/README.md

@@ -26,8 +26,6 @@ sh build_aws_sdk.sh $OPENSSL_VER
 3. Build the plugin
 
 ```shell
-export INSTALLED_OPENSSL=$(openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }')
-export INSTALLED_JSON_C=$(yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }')
 make
 ```
 
@@ -67,8 +65,6 @@ exit
 docker exec -ti mydb2 bash -c "su - db2inst1"
 declare -x DB2_HOME="${HOME}/sqllib"
 cd /mnt/db2-aws-iam
-export INSTALLED_OPENSSL=$(openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }')
-export INSTALLED_JSON_C=$(yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }')
 make
 ```
 

aws/security_plugins/db2-aws-iam/src/Makefile

@@ -14,6 +14,9 @@ GROUP_MODULE := $(PLUGINDIR)/group/$(PRINCIPAL_NAME)group.so
 AWS_SDK_LIBS := -L/usr/local/lib64 -laws-cpp-sdk-core -laws-cpp-sdk-cognito-idp -Wl,-rpath,/opt/ibm/db2/V11.5/lib64
 CPPLIBS := -lstdc++
 
+export INSTALLED_OPENSSL := $(shell openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }')
+export INSTALLED_JSON_C := $(shell yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }')
+
 _dummy := $(shell mkdir -p $(OBJDIR))
 _dummy := $(shell mkdir -p $(OUTPUTDIR))
 _dummy := $(shell mkdir -p $(PLUGINDIR)/server)

aws/security_plugins/db2-aws-iam/src/configSecPlugin.sh

@@ -22,7 +22,7 @@ else
     db2 update dbm cfg using AUTHENTICATION GSSPLUGIN
     db2 update dbm cfg using srvcon_auth GSS_SERVER_ENCRYPT
     db2 update dbm cfg using group_plugin ${PRINCIPAL_NAME}group
-    db2 update dbm cfg using sysadm_group NULL
+    #db2 update dbm cfg using sysadm_group NULL
     db2set DB2AUTH=OSAUTHDB,ALLOW_LOCAL_FALLBACK,PLUGIN_AUTO_RELOAD
 fi
 

aws/security_plugins/db2-aws-iam/src/gss/AWSIAMauthclient.c

@@ -317,7 +317,6 @@ SQL_API_RC SQL_API_FN GenerateInitialCredUserPassword
   char *localErrorMsg = NULL;
   char oneNullByte[] = {'\0'};
 
-
   IAM_TRACE_ENTRY("GenerateInitialCredUserPassword");
 
   if (newpasswordLen > 0)
@@ -545,118 +544,6 @@ SQL_API_RC SQL_API_FN GenerateInitialCredAccessToken
   goto exit;
 }
 
-/*
- * GenerateInitialCredApiKey
- */
-SQL_API_RC SQL_API_FN GenerateInitialCredApiKey
-(
-  const char *apikey,
-  db2int32 apikeyLen,
-  const char *apikeyspace,
-  db2int32 apikeyspaceLen,
-  db2int32 apikeyspaceType,
-  const char *dbname,
-  db2int32 dbnameLen,
-  gss_cred_id_t *pGSSCredHandle,
-  void **ppInitInfo,
-  char **errorMsg,
-  db2int32 *errorMsgLen
-)
-{
-  int rc = DB2SEC_PLUGIN_OK;
-  CRED_T *pCred;
-  char *localErrorMsg = NULL;
-  char oneNullByte[] = {'\0'};
-  const char *userid;
-  db2int32 useridLen;
-  IAM_TRACE_ENTRY("GenerateInitialCredApiKey");
-
-  if (!pGSSCredHandle)
-  {
-  	localErrorMsg = "GenerateInitialCredApiKey: pGSSCredHandle == NULL";
-    rc = DB2SEC_PLUGIN_UNKNOWNERROR;
-    goto exit;
-  }
-
-  /* Check lengths */
-  if (apikeyLen > TOKEN_MAX_AUTH_TOKEN_LEN)
-  {
-    rc = DB2SEC_PLUGIN_BADPWD;
-    localErrorMsg = "GenerateInitialCredApiKey: access token too long";
-    goto exit;
-  }
-
-  pCred = (CRED_T *)malloc(sizeof(CRED_T));
-  if (pCred == NULL)
-  {
-    goto malloc_fail;
-  }
-  memset(pCred, '\0', sizeof(CRED_T));
-
-  /* Deal with NULL userids and passwords by using a one-byte
-   * string containing only a NULL.  We flow this to the server
-   * and let it decide.
-   */
-
-  pCred->authtype = DB2SEC_AUTH_APIKEY;
-
-  //pCred->useridLen = 0;
-  //pCred->userid = NULL;
-  userid = oneNullByte;
-  useridLen = 1;
-  pCred->useridLen = useridLen;
-  pCred->userid = (char *)malloc(useridLen);
-  if (pCred->userid == NULL)
-  {
-    goto malloc_fail;
-  }
-  memcpy(pCred->userid, userid, useridLen);
-
-  pCred->authtokenLen = apikeyLen;
-  pCred->authtoken = (char *)malloc(apikeyLen);
-  if (pCred->authtoken == NULL)
-  {
-    goto malloc_fail;
-  }
-  memcpy(pCred->authtoken, apikey, apikeyLen);
-
-  *pGSSCredHandle = (gss_cred_id_t)pCred;
-
-exit:
-
-  /* No init info */
-  if (ppInitInfo != NULL)
-  {
-    *ppInitInfo = NULL;
-  }
-
-  if (localErrorMsg != NULL)
-  {
-    *errorMsg = localErrorMsg;
-    *errorMsgLen = strlen(localErrorMsg);
-  }
-  else
-  {
-    *errorMsg = NULL;
-    *errorMsgLen = 0;
-  }
-  IAM_TRACE_EXIT("GenerateInitialCredApiKey",rc);
-
-  return(rc);
-
-malloc_fail:
-  if (pCred != NULL)
-  {
-    if (pCred->authtoken != NULL) free(pCred->authtoken);
-    if (pCred->userid != NULL) free(pCred->userid);
-    free(pCred);
-  }
-
-  localErrorMsg = "GenerateInitialCredApiKey: malloc failed";
-  rc = DB2SEC_PLUGIN_NOMEM;
-
-  goto exit;
-}
 
 /******************************************************************************
 *
@@ -689,7 +576,7 @@ SQL_API_RC SQL_API_FN ProcessServerPrincipalName
   int rc = DB2SEC_PLUGIN_OK;
   NAME_T *pName;
   IAM_TRACE_ENTRY("ProcessServerPrincipalName");
-
+  
   /* No error messages */
   *errorMsg = NULL;
   *errorMsgLen = 0;
@@ -861,7 +748,7 @@ OM_uint32 SQL_API_FN gss_init_sec_context
   char *errMsg = NULL;
   int length;
   IAM_TRACE_ENTRY("gss_init_sec_context");
-
+  
   /* Check for unsupported options */
   if (context_handle == NULL)
   {
@@ -1140,7 +1027,6 @@ SQL_API_RC SQL_API_FN db2secClientAuthPluginInit
   pFPs->db2secGetDefaultLoginContext = GetDefaultLoginContext;
   pFPs->db2secGenerateInitialCred = GenerateInitialCredUserPassword;
   pFPs->db2secGenerateInitialCredAccessToken = GenerateInitialCredAccessToken;
-  pFPs->db2secGenerateInitialCredApiKey = GenerateInitialCredApiKey;
   pFPs->db2secProcessServerPrincipalName = ProcessServerPrincipalName;
   pFPs->db2secFreeToken = FreeToken;
   pFPs->db2secFreeInitInfo = FreeInitInfo;

aws/security_plugins/db2-aws-iam/src/test/Makefile

@@ -7,6 +7,8 @@ GROUP_MODULE := $(PRINCIPAL_NAME)group.so
 
 AWS_SDK_LIBS := -L/usr/local/lib64 -laws-cpp-sdk-core -laws-cpp-sdk-cognito-idp -Wl,-rpath,/usr/local/lib64
 CPPLIBS := -lstdc++
+export INSTALLED_OPENSSL := $(shell openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }')
+export INSTALLED_JSON_C := $(shell yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }')
 
 CXXFLAGS := -D_GLIBCXX_USE_CXX11_ABI=0
 

aws/security_plugins/db2-aws-iam/src/test/teardown_cognito.sh

@@ -7,7 +7,7 @@ if [[ -f ./env.sh ]]; then
     		aws cognito-idp delete-user-pool --user-pool-id "$USERPOOLID"
 	fi
 	if [[ -f $AWS_USERPOOL_CFG_ENV ]]; then
-    		rm -f $AWS_USERPOOL_CFG_ENV
+    		rm -f $DB2_HOME$AWS_USERPOOL_CFG_ENV
 	fi
     	rm -f ./env.sh
 fi