fix krb5_ldap_iterate to handle NULL match_expr and open_db_and_mkey to use KRB5_KDB_SRV_TYPE_ADMIN

When I ran kdb5_util dump I had two initial problems.  First, the LDAP
plugin was not finding the bind DN because open_db_and_mkey() was
passing KRB5_KDB_SRV_TYPE_OTHER to krb5_db_open().  When I change this
to KRB5_KDB_SRV_TYPE_ADMIN then the ldap_kadmind_dn parameter is used
from krb5.conf and a valid bind DN is found.  Second,
krb5_ldap_iterate() will core dump when it is called withy a NULL
match_expr arg.  This is how dump_db calls krb5_db_iterate().  I updated
krb5_ldap_iterate() to use a default_match_expr of "*" if match_expr ==
NULL.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18736 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 7 insertions, 0 deletions

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 0cbf8d82fc..3ace96cbad 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -149,6 +149,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
     kdb5_dal_handle          *dal_handle=NULL;
     krb5_ldap_context        *ldap_context=NULL;
     krb5_ldap_server_handle  *ldap_server_handle=NULL;
+    char                     *default_match_expr = "*";
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
@@ -166,6 +167,12 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 	}
     }
 
+    /* 
+     * If no match_expr then iterate through all krb princs like the db2 plugin
+     */
+    if (match_expr == NULL)
+	match_expr = default_match_expr;
+
     filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1;  /* 2 for closing brackets */
     filter = malloc (filterlen);
     CHECK_NULL(filter);