Simplify LDAP KDB module container DN handling
authorGreg Hudson <ghudson@mit.edu>
Sun, 18 Nov 2012 18:59:48 +0000 (13:59 -0500)
committerGreg Hudson <ghudson@mit.edu>
Thu, 20 Dec 2012 16:35:42 +0000 (11:35 -0500)
Outside of krb5_ldap_read_krbcontainer_params and
krb5_ldap_create_krbcontainer, no fields of
krb5_ldap_krbcontainer_params were used except for the DN.  There was
code to create a krbTicketPolicyReference attribute (which would fail
because the schema doesn't allow that attribute, and was never
exercised because kdb5_ldap_util would never set the parameter) and to
read fields like max ticket life from the referenced ticket policy,
but those fields were never used.

Eliminate the structure and just store the container DN in
krb5_ldap_context.  Continue creating the container object when
creating a realm (by calling krb5_ldap_create_krbcontainer
unconditionally; it now exits successfully if the container already
exists), but don't ever read it.

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports

index 73b0d2f6445860fd6a42a5f0faec54890d1a894f..6ec711f55164740cea04ccc188593526f579e2c3 100644 (file)
@@ -63,9 +63,9 @@ init_ldap_realm(int argc, char *argv[])
         goto cleanup;
     }
 
-    if (ldap_context->krbcontainer == NULL) {
-        retval = krb5_ldap_read_krbcontainer_params (util_context,
-                                                     &(ldap_context->krbcontainer));
+    if (ldap_context->container_dn == NULL) {
+        retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                                &ldap_context->container_dn);
         if (retval != 0) {
             com_err(progname, retval,
                     _("while reading kerberos container information"));
index a479c6e46a2f5e78c784a6b9682730c8138a1c83..1050fcd73ed5d84facf7e74e26a0d446b61064df 100644 (file)
@@ -467,70 +467,35 @@ kdb5_ldap_create(int argc, char *argv[])
     }
 
     /* read the kerberos container */
-    if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
-                                                    &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
         /* Prompt the user for entering the DN of Kerberos container */
         char krb_location[MAX_KRB_CONTAINER_LEN];
-        krb5_ldap_krbcontainer_params kparams;
         int krb_location_len = 0;
-        memset(&kparams, 0, sizeof(kparams));
-
-        /* Read the kerberos container location from configuration file */
-        if (ldap_context->conf_section) {
-            if ((retval=profile_get_string(util_context->profile,
-                                           KDB_MODULE_SECTION, ldap_context->conf_section,
-                                           KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                           &kparams.DN)) != 0) {
-                goto cleanup;
+
+        printf(_("Enter DN of Kerberos container: "));
+        if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+            /* Remove the newline character at the end */
+            krb_location_len = strlen(krb_location);
+            if ((krb_location[krb_location_len - 1] == '\n') ||
+                (krb_location[krb_location_len - 1] == '\r')) {
+                krb_location[krb_location_len - 1] = '\0';
+                krb_location_len--;
             }
-        }
-        if (kparams.DN == NULL) {
-            if ((retval=profile_get_string(util_context->profile,
-                                           KDB_MODULE_DEF_SECTION,
-                                           KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                           NULL, &kparams.DN)) != 0) {
+            ldap_context->container_dn = strdup(krb_location);
+            if (ldap_context->container_dn == NULL) {
+                retval = ENOMEM;
                 goto cleanup;
             }
         }
+    }
 
-        printf(_("\nKerberos container is missing. Creating now...\n"));
-        if (kparams.DN == NULL) {
-            printf(_("Enter DN of Kerberos container: "));
-            if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
-                /* Remove the newline character at the end */
-                krb_location_len = strlen(krb_location);
-                if ((krb_location[krb_location_len - 1] == '\n') ||
-                    (krb_location[krb_location_len - 1] == '\r')) {
-                    krb_location[krb_location_len - 1] = '\0';
-                    krb_location_len--;
-                }
-                /* If the user has not given any input, take the default location */
-                else if (krb_location[0] == '\0')
-                    kparams.DN = NULL;
-                else
-                    kparams.DN = krb_location;
-            } else
-                kparams.DN = NULL;
-        }
-
-        /* create the kerberos container */
-        retval = krb5_ldap_create_krbcontainer(util_context,
-                                               ((kparams.DN != NULL) ? &kparams : NULL));
-        if (retval)
-            goto cleanup;
-
-        retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                    &(ldap_context->krbcontainer));
-        if (retval) {
-            com_err(progname, retval,
-                    _("while reading kerberos container information"));
-            goto cleanup;
-        }
-    } else if (retval) {
-        com_err(progname, retval,
-                _("while reading kerberos container information"));
+    /* create the kerberos container if it doesn't exist */
+    retval = krb5_ldap_create_krbcontainer(util_context,
+                                           ldap_context->container_dn);
+    if (retval)
         goto cleanup;
-    }
 
     if ((retval = krb5_ldap_create_realm(util_context,
                                          /* global_params.realm, */ rparams, mask))) {
@@ -812,8 +777,9 @@ kdb5_ldap_modify(int argc, char *argv[])
         goto cleanup;
     }
 
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                     &(ldap_context->krbcontainer)))) {
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
         com_err(progname, retval,
                 _("while reading Kerberos container information"));
         goto err_nomsg;
@@ -965,8 +931,9 @@ kdb5_ldap_view(int argc, char *argv[])
     }
 
     /* Read the kerberos container information */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                     &(ldap_context->krbcontainer))) != 0) {
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
         com_err(progname, retval,
                 _("while reading kerberos container information"));
         exit_status++;
@@ -1165,8 +1132,9 @@ kdb5_ldap_list(int argc, char *argv[])
     }
 
     /* Read the kerberos container information */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                     &(ldap_context->krbcontainer))) != 0) {
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
         com_err(progname, retval,
                 _("while reading kerberos container information"));
         exit_status++;
@@ -1175,24 +1143,17 @@ kdb5_ldap_list(int argc, char *argv[])
 
     retval = krb5_ldap_list_realm(util_context, &list);
     if (retval != 0) {
-        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-        ldap_context->krbcontainer = NULL;
         com_err(progname, retval, _("while listing realms"));
         exit_status++;
         return;
     }
     /* This is to handle the case of realm not present */
-    if (list == NULL) {
-        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-        ldap_context->krbcontainer = NULL;
+    if (list == NULL)
         return;
-    }
 
     for (plist = list; *plist != NULL; plist++) {
         printf("%s\n", *plist);
     }
-    krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-    ldap_context->krbcontainer = NULL;
     krb5_free_list_entries(list);
     free(list);
 
@@ -1589,9 +1550,10 @@ kdb5_ldap_destroy(int argc, char *argv[])
         return;
     }
 
-    /* Read the kerberos container from the LDAP Server */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                                                     &(ldap_context->krbcontainer))) != 0) {
+    /* Read the kerberos container DN */
+    retval = krb5_ldap_read_krbcontainer_dn(util_context,
+                                            &ldap_context->container_dn);
+    if (retval) {
         com_err(progname, retval,
                 _("while reading kerberos container information"));
         exit_status++;
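Review bot: In kdb5_ldap_create (hunk at line 467) an empty answer at the prompt now becomes an empty-string DN: after the trailing newline is stripped, `ldap_context->container_dn = strdup(krb_location);` runs even when `krb_location[0] == '\0'`, whereas the removed branch treated empty input as "no DN". That empty string is then handed to krb5_ldap_create_krbcontainer, which only rejects NULL, so the failure surfaces from ldap_explode_dn or the server instead of the existing "Kerberos Container information is missing" message; guarding the copy with `if (krb_location[0] != '\0')` keeps container_dn NULL and yields that clear error. The prompt is also reached for every non-zero return from krb5_ldap_read_krbcontainer_dn, not only the "location not specified" case, so a real profile error is silently turned into a prompt; printing `retval` with com_err before prompting, or prompting only on KRB5_KDB_SERVER_INTERNAL_ERR, would preserve that distinction. `krb_location_len` is decremented but never read afterwards and can go. The function continues outside the hunk.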
index b52d088ff693474113377586340f8dd88afc2ba1..a29b3326ecc67099b5e559cfda195c65e10b7f7c 100644 (file)
@@ -113,7 +113,7 @@ krb5_ldap_read_startup_information(krb5_context context)
     int                  mask = 0;
 
     SETUP_CONTEXT();
-    if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
+    if ((retval=krb5_ldap_read_krbcontainer_dn(context, &(ldap_context->container_dn)))) {
         prepend_err_str(context, _("Unable to read Kerberos container"),
                         retval, retval);
         goto cleanup;
index b40600780e7a378eacbab330dcee5b348bcf0c31..30d3a4aef4e218ae4027b78dfa179693800aee82 100644 (file)
@@ -212,7 +212,7 @@ typedef struct _krb5_ldap_context {
     krb5_ldap_certificates        **certificates;
     krb5_ui_4                     cert_count; /* certificate count */
     k5_mutex_t                    hndl_lock;
-    krb5_ldap_krbcontainer_params *krbcontainer;
+    char                          *container_dn;
     krb5_ldap_realm_params        *lrparams;
     krb5_boolean                  disable_last_success;
     krb5_boolean                  disable_lockout;
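Review bot: The new `container_dn` member carries an ownership rule the type no longer expresses: it is assigned from krb5_ldap_read_krbcontainer_dn (a profile_get_string result) or from strdup in kdb5_ldap_util, and released with free() in krb5_ldap_free_ldap_context, but the struct line says nothing about it. A trailing comment would spare the next reader a cross-file search, e.g. `char *container_dn; /* DN of the krbContainer object; owned here, freed in krb5_ldap_free_ldap_context */`.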
index 5896724391b1f4f19cbe2b183273806a39e1d722..cd4b4ca355d48c9ae12395649ab0b4abcfac942a 100644 (file)
@@ -334,8 +334,8 @@ krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context)
     if (ldap_context == NULL)
         return 0;
 
-    krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-    ldap_context->krbcontainer = NULL;
+    free(ldap_context->container_dn);
+    ldap_context->container_dn = NULL;
 
     krb5_ldap_free_realm_params(ldap_context->lrparams);
     ldap_context->lrparams = NULL;
index 1dc4afcf78e7e05dcc779b655680c3571f9034a4..86282ea2b3c9d9ca7bbb825de599734200e305b7 100644 (file)
@@ -59,7 +59,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
     krb5_ldap_context *ldap_context=NULL;
     krb5_boolean realm_obj_created = FALSE;
     krb5_boolean krbcontainer_obj_created = FALSE;
-    krb5_ldap_krbcontainer_params kparams = {0};
     int srv_cnt = 0;
     int mask = 0;
 
@@ -218,43 +217,15 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
     }
 
     /* read the kerberos container */
-    if ((status = krb5_ldap_read_krbcontainer_params(context,
-                                                     &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-
-        /* Read the kerberos container location from configuration file */
-        if (ldap_context->conf_section) {
-            if ((status = profile_get_string(context->profile,
-                                             KDB_MODULE_SECTION, ldap_context->conf_section,
-                                             KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                             &kparams.DN)) != 0) {
-                goto cleanup;
-            }
-        }
-        if (kparams.DN == NULL) {
-            if ((status = profile_get_string(context->profile,
-                                             KDB_MODULE_DEF_SECTION,
-                                             KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                             NULL, &kparams.DN)) != 0) {
-                goto cleanup;
-            }
-        }
-
-        /* create the kerberos container */
-        status = krb5_ldap_create_krbcontainer(context,
-                                               ((kparams.DN != NULL) ? &kparams : NULL));
-        if (status)
-            goto cleanup;
-
-        krbcontainer_obj_created = TRUE;
-
-        status = krb5_ldap_read_krbcontainer_params(context,
-                                                    &(ldap_context->krbcontainer));
-        if (status)
-            goto cleanup;
+    status = krb5_ldap_read_krbcontainer_dn(context,
+                                            &ldap_context->container_dn);
+    if (status)
+        goto cleanup;
 
-    } else if (status) {
+    status = krb5_ldap_create_krbcontainer(context,
+                                           ldap_context->container_dn);
+    if (status)
         goto cleanup;
-    }
 
     rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
@@ -287,16 +258,12 @@ cleanup:
     if ((krbcontainer_obj_created) && (!realm_obj_created)) {
         int rc;
         rc = krb5_ldap_delete_krbcontainer(context,
-                                           ((kparams.DN != NULL) ? &kparams : NULL));
+                                           ldap_context->container_dn);
         krb5_set_error_message(context, rc,
                                _("could not complete roll-back, error "
                                  "deleting Kerberos Container"));
     }
 
-    /* should call krb5_ldap_free_krbcontainer_params() but can't */
-    if (kparams.DN != NULL)
-        krb5_xfree(kparams.DN);
-
     if (rparams)
         krb5_ldap_free_realm_params(rparams);
 
index fabe633abb6899c513413b95bd7d9c2d13717dc4..e3b42f55a4d91727339930d8db6d985164ea5073 100644 (file)
 #include "kdb_ldap.h"
 #include "ldap_err.h"
 
-char    *policyrefattribute[] = {"krbTicketPolicyReference",NULL};
-char    *krbcontainerrefattr[] = {"krbContainerReference", NULL};
-
 /*
- *  Free the krb5_ldap_krbcontainer_params
- */
-
-void
-krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
-{
-    if (cparams == NULL)
-        return;
-
-    if (cparams->policyreference)
-        krb5_xfree(cparams->policyreference);
-
-    if (cparams->parent)
-        krb5_xfree(cparams->parent);
-
-    if (cparams->DN)
-        krb5_xfree(cparams->DN);
-
-    krb5_xfree(cparams);
-
-    return;
-}
-
-/*
- * Read the kerberos container. Kerberos container dn is read from the krb5.conf file.
- * In case of eDirectory, if the dn is not present in the conf file, refer Security Container
- * to fetch the dn information.
- *
- * Reading kerberos container includes reading the policyreference attribute and the policy
- * object to read the attributes associated with it.
+ * Read the kerberos container location from krb5.conf.
  */
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context context,
-                                   krb5_ldap_krbcontainer_params **cparamp)
-
+krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn)
 {
-    krb5_error_code                 st=0, tempst=0;
+    krb5_error_code                 st=0;
     LDAP                            *ld=NULL;
-    LDAPMessage                     *result=NULL, *ent=NULL;
-    krb5_ldap_krbcontainer_params   *cparams=NULL;
+    char                            *dn=NULL;
     kdb5_dal_handle                 *dal_handle=NULL;
     krb5_ldap_context               *ldap_context=NULL;
     krb5_ldap_server_handle         *ldap_server_handle=NULL;
 
+    *container_dn = NULL;
     SETUP_CONTEXT();
     GET_HANDLE();
 
-    cparams =(krb5_ldap_krbcontainer_params *) malloc(sizeof(krb5_ldap_krbcontainer_params));
-    CHECK_NULL(cparams);
-    memset(cparams, 0, sizeof(krb5_ldap_krbcontainer_params));
-
     /* read kerberos containter location from [dbmodules] section of krb5.conf file */
     if (ldap_context->conf_section) {
         if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
                                    KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                   &cparams->DN)) != 0) {
+                                   &dn)) != 0) {
             krb5_set_error_message(context, st,
                                    _("Error reading kerberos container "
                                      "location from krb5.conf"));
@@ -101,10 +63,10 @@ krb5_ldap_read_krbcontainer_params(krb5_context context,
     }
 
     /* read kerberos containter location from [dbdefaults] section of krb5.conf file */
-    if (cparams->DN == NULL) {
+    if (dn == NULL) {
         if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
                                    KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL,
-                                   NULL, &cparams->DN)) != 0) {
+                                   NULL, &dn)) != 0) {
             krb5_set_error_message(context, st,
                                    _("Error reading kerberos container "
                                      "location from krb5.conf"));
@@ -112,57 +74,16 @@ krb5_ldap_read_krbcontainer_params(krb5_context context,
         }
     }
 
-    if (cparams->DN == NULL) {
+    if (dn == NULL) {
         st = KRB5_KDB_SERVER_INTERNAL_ERR;
         krb5_set_error_message(context, st,
                                _("Kerberos container location not specified"));
         goto cleanup;
     }
 
-    /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
-     * not read
-     */
-    LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
-    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-        st = set_ldap_error(context, st, OP_SEARCH);
-        goto cleanup;
-    }
-
-    if (st == LDAP_NO_SUCH_OBJECT) {
-        st = KRB5_KDB_NOENTRY;
-        goto cleanup;
-    }
-
-    if ((ent = ldap_first_entry(ld, result))) {
-        if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference",
-                                     &(cparams->policyreference), NULL)) != 0)
-            goto cleanup;
-    }
-    ldap_msgfree(result);
-
-    if (cparams->policyreference != NULL) {
-        LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-        if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) {
-            st = set_ldap_error(context, st, OP_SEARCH);
-            goto cleanup;
-        }
-        st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
-
-        ent=ldap_first_entry(ld, result);
-        if (ent != NULL) {
-            krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
-            krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
-            krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
-        }
-        ldap_msgfree(result);
-    }
-    *cparamp=cparams;
+    *container_dn = dn;
 
 cleanup:
-    if (st != 0) {
-        krb5_ldap_free_krbcontainer_params(cparams);
-        *cparamp=NULL;
-    }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
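Review bot: krb5_ldap_read_krbcontainer_dn no longer touches the directory — after the change it only calls profile_get_string — yet it still runs GET_HANDLE() and krb5_ldap_put_handle_to_pool(), and keeps `LDAP *ld` and `ldap_server_handle`, neither of which anything in the function now reads. If GET_HANDLE acquires a pooled LDAP connection as its name suggests, a plain configuration lookup now depends on, and can fail because of, server connectivity, and callers that need the DN before a connection exists cannot get it; dropping the handle acquisition, the put-back in cleanup and the two unused locals makes it a pure profile read. The macro definitions are outside this page, so confirm GET_HANDLE has no other side effect the function relies on before removing it. The header comment would also benefit from stating the new contract, e.g. `* On success *container_dn is a newly allocated string the caller must free().`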
index f1feb22d3ebb590579cf201dd3dfc6387e667635..549f8ce94b32cc13893ff7b0f1ad6d887433d1f3 100644 (file)
 
 /* kerberos container structure */
 
-typedef struct _krb5_ldap_krbcontainer_params {
-    char            *parent;
-    char            *DN;
-    char            *policyreference;
-    krb5_int32      max_life;
-    krb5_int32      max_renewable_life;
-    krb5_int32      tktflags;
-} krb5_ldap_krbcontainer_params;
-
-void
-krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *);
-
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context,
-                                   krb5_ldap_krbcontainer_params **);
+krb5_ldap_read_krbcontainer_dn(krb5_context, char **);
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(krb5_context,
-                              const krb5_ldap_krbcontainer_params *);
+krb5_ldap_create_krbcontainer(krb5_context, const char *);
 
 krb5_error_code
-krb5_ldap_delete_krbcontainer(krb5_context,
-                              const krb5_ldap_krbcontainer_params *);
+krb5_ldap_delete_krbcontainer(krb5_context, const char *);
 
 #endif
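Review bot: The three prototypes lost their structure-based contract and gained none in its place: nothing here says that krb5_ldap_read_krbcontainer_dn stores a newly allocated string the caller must free() (it is released with free() in krb5_ldap_free_ldap_context), or that krb5_ldap_create_krbcontainer now succeeds when the object already exists. One comment line above each declaration would capture that, e.g. `/* Set *container_dn to the configured container DN (caller frees). */` and `/* Create the krbContainer at dn; success if it already exists. */`.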
index 00fbce18486c36eb62ee7dfb29244c3324829b95..1e671c7ed2779d22d17b12d7bbf41b3431b4f094 100644 (file)
@@ -517,7 +517,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
     krb5_clear_error_message(context);
 
     SETUP_CONTEXT();
-    if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL)
+    if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL)
         return EINVAL;
 
     /* get ldap handle */
index 7e0d45689d2ab255d21d5fe46d3582f482402626..35daf5f6351392fb9b34cb528a140abb184b64d7 100644 (file)
@@ -130,9 +130,9 @@ krb5_ldap_list_realm(krb5_context context, char ***realms)
     SETUP_CONTEXT ();
 
     /* get the kerberos container DN information */
-    if (ldap_context->krbcontainer == NULL) {
-        if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                     &(ldap_context->krbcontainer))) != 0)
+    if (ldap_context->container_dn == NULL) {
+        if ((st = krb5_ldap_read_krbcontainer_dn(context,
+                                                 &(ldap_context->container_dn))) != 0)
             goto cleanup;
     }
 
@@ -141,7 +141,7 @@ krb5_ldap_list_realm(krb5_context context, char ***realms)
 
     {
         char *cn[] = {"cn", NULL};
-        LDAP_SEARCH(ldap_context->krbcontainer->DN,
+        LDAP_SEARCH(ldap_context->container_dn,
                     LDAP_SCOPE_ONELEVEL,
                     "(objectclass=krbRealmContainer)",
                     cn);
@@ -359,7 +359,7 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
     SETUP_CONTEXT ();
 
     /* Check validity of arguments */
-    if (ldap_context->krbcontainer == NULL ||
+    if (ldap_context->container_dn == NULL ||
         rparams->tl_data == NULL ||
         rparams->tl_data->tl_data_contents == NULL ||
         ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
@@ -474,17 +474,14 @@ cleanup:
 
 
 /*
- * Create the Kerberos container in the Directory
+ * Create the Kerberos container in the Directory if it does not exist
  */
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(krb5_context context,
-                              const
-                              krb5_ldap_krbcontainer_params *krbcontparams)
+krb5_ldap_create_krbcontainer(krb5_context context, const char *dn)
 {
     LDAP                        *ld=NULL;
-    char                        *strval[2]={NULL}, *kerberoscontdn=NULL, **rdns=NULL;
-    int                         pmask=0;
+    char                        *strval[2]={NULL}, **rdns=NULL;
     LDAPMod                     **mods = NULL;
     krb5_error_code             st=0;
     kdb5_dal_handle             *dal_handle=NULL;
@@ -496,9 +493,7 @@ krb5_ldap_create_krbcontainer(krb5_context context,
     /* get ldap handle */
     GET_HANDLE ();
 
-    if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-        kerberoscontdn = krbcontparams->DN;
-    } else {
+    if (dn == NULL) {
         st = EINVAL;
         krb5_set_error_message(context, st,
                                _("Kerberos Container information is missing"));
@@ -510,7 +505,7 @@ krb5_ldap_create_krbcontainer(krb5_context context,
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
         goto cleanup;
 
-    rdns = ldap_explode_dn(kerberoscontdn, 1);
+    rdns = ldap_explode_dn(dn, 1);
     if (rdns == NULL) {
         st = EINVAL;
         krb5_set_error_message(context, st,
@@ -523,21 +518,11 @@ krb5_ldap_create_krbcontainer(krb5_context context,
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
         goto cleanup;
 
-    /* check if the policy reference value exists and is of krbticketpolicyreference object class */
-    if (krbcontparams && krbcontparams->policyreference) {
-        st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
-                                 &pmask);
-        CHECK_CLASS_VALIDITY(st, pmask, _("ticket policy object value: "));
-
-        strval[0] = krbcontparams->policyreference;
-        strval[1] = NULL;
-        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD,
-                                          strval)) != 0)
-            goto cleanup;
-    }
-
     /* create the kerberos container */
-    if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
+    st = ldap_add_ext_s(ld, dn, mods, NULL, NULL);
+    if (st == LDAP_ALREADY_EXISTS)
+        st = LDAP_SUCCESS;
+    if (st != LDAP_SUCCESS) {
         int ost = st;
         st = translate_ldap_error (st, OP_ADD);
         krb5_set_error_message(context, st,
@@ -561,12 +546,9 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_delete_krbcontainer(krb5_context context,
-                              const
-                              krb5_ldap_krbcontainer_params *krbcontparams)
+krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn)
 {
     LDAP                        *ld=NULL;
-    char                        *kerberoscontdn=NULL;
     krb5_error_code             st=0;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -577,9 +559,7 @@ krb5_ldap_delete_krbcontainer(krb5_context context,
     /* get ldap handle */
     GET_HANDLE ();
 
-    if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-        kerberoscontdn = krbcontparams->DN;
-    } else {
+    if (dn == NULL) {
         st = EINVAL;
         krb5_set_error_message(context, st,
                                _("Kerberos Container information is missing"));
@@ -587,7 +567,7 @@ krb5_ldap_delete_krbcontainer(krb5_context context,
     }
 
     /* delete the kerberos container */
-    if ((st = ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL)) != LDAP_SUCCESS) {
+    if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) {
         int ost = st;
         st = translate_ldap_error (st, OP_ADD);
         krb5_set_error_message(context, st,
@@ -626,8 +606,7 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
     SETUP_CONTEXT ();
 
     /* Check input validity ... */
-    if (ldap_context->krbcontainer == NULL ||
-        ldap_context->krbcontainer->DN == NULL ||
+    if (ldap_context->container_dn == NULL ||
         rparams == NULL ||
         rparams->realm_name == NULL ||
         ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
@@ -638,19 +617,12 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
         return st;
     }
 
-    if (ldap_context->krbcontainer == NULL) {
-        if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                     &(ldap_context->krbcontainer))) != 0)
-            goto cleanup;
-    }
-
     /* get ldap handle */
     GET_HANDLE ();
 
     realm_name = rparams->realm_name;
 
-    if (asprintf(&dn, "cn=%s,%s", realm_name,
-                 ldap_context->krbcontainer->DN) < 0)
+    if (asprintf(&dn, "cn=%s,%s", realm_name, ldap_context->container_dn) < 0)
         dn = NULL;
     CHECK_NULL(dn);
 
@@ -758,7 +730,7 @@ krb5_error_code
 krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
                             krb5_ldap_realm_params **rlparamp, int *mask)
 {
-    char                   **values=NULL, *krbcontDN=NULL /*, *curr=NULL */;
+    char                   **values=NULL;
     krb5_error_code        st=0, tempst=0;
     LDAP                   *ld=NULL;
     LDAPMessage            *result=NULL,*ent=NULL;
@@ -771,19 +743,11 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
     SETUP_CONTEXT ();
 
     /* validate the input parameter */
-    if (lrealm == NULL ||
-        ldap_context->krbcontainer == NULL ||
-        ldap_context->krbcontainer->DN == NULL) {
+    if (lrealm == NULL || ldap_context->container_dn == NULL) {
         st = EINVAL;
         goto cleanup;
     }
 
-    /* read kerberos container, if not read already */
-    if (ldap_context->krbcontainer == NULL) {
-        if ((st = krb5_ldap_read_krbcontainer_params(context,
-                                                     &(ldap_context->krbcontainer))) != 0)
-            goto cleanup;
-    }
     /* get ldap handle */
     GET_HANDLE ();
 
@@ -807,9 +771,8 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
     /* set default values */
     rlparams->search_scope = LDAP_SCOPE_SUBTREE;
 
-    krbcontDN = ldap_context->krbcontainer->DN;
-
-    if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) {
+    if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm,
+                 ldap_context->container_dn) < 0) {
         rlparams->realmdn = NULL;
         st = ENOMEM;
         goto cleanup;
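Review bot: Mapping LDAP_ALREADY_EXISTS to success in krb5_ldap_create_krbcontainer (hunk at line 523) accepts whatever object already sits at `dn`, while the removed read path searched it with `(objectclass=krbContainer)`; an existing entry of some other class now passes silently and only fails later when realms are added beneath it. Because every realm creation now issues an add for the container, the result also depends on the server reporting ALREADY_EXISTS before it evaluates add rights on the parent entry; on a server that checks access first, a bind identity that previously could create realms without add rights on the container's parent would presumably now see an access error — I cannot verify server behaviour from here. At minimum the `st == LDAP_ALREADY_EXISTS` line deserves a comment stating both assumptions, e.g. `/* An existing object at dn is taken to be our container; its object class is not verified. */`, or the ALREADY_EXISTS path could run a base-scope search with the krbContainer filter to confirm the class. The function's body continues past the hunk shown.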
index 1467f5184cea2fcbc2e0198fcf830264b94e1dc7..36bde5a4fee5d118bb864c86184306b34bd6ab9e 100644 (file)
@@ -11,7 +11,7 @@ krb5_ldap_get_principal
 krb5_ldap_delete_principal
 krb5_ldap_free_principal
 krb5_ldap_iterate
-krb5_ldap_read_krbcontainer_params
+krb5_ldap_read_krbcontainer_dn
 krb5_ldap_list_realm
 krb5_ldap_read_realm_params
 krb5_ldap_free_realm_params
@@ -34,7 +34,6 @@ krb5_ldap_iterate_password_policy
 krb5_dbe_free_contents
 krb5_ldap_free_server_params
 krb5_ldap_free_server_context_params
-krb5_ldap_free_krbcontainer_params
 krb5_ldap_alloc
 krb5_ldap_free
 krb5_ldap_delete_realm_1