diff options
author | Jan Cholasta <jcholast@redhat.com> | 2011-08-23 10:53:22 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-08-22 19:04:29 -0400 |
commit | a797f907ee43bb73fb649f200a27183c44a885a0 (patch) | |
tree | dbd32d55f3aa798eda5f2fa67e8a3edb70c1c549 | |
parent | aa2bd245bf6f6f5c17826512759d4f5fbe9d75d7 (diff) | |
download | freeipa-a797f907ee43bb73fb649f200a27183c44a885a0.tar.gz freeipa-a797f907ee43bb73fb649f200a27183c44a885a0.tar.xz freeipa-a797f907ee43bb73fb649f200a27183c44a885a0.zip |
Search for users in all the naming contexts present on the directory server.
ticket 1655, 1656
-rw-r--r-- | daemons/ipa-kpasswd/ipa_kpasswd.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/daemons/ipa-kpasswd/ipa_kpasswd.c b/daemons/ipa-kpasswd/ipa_kpasswd.c index acec3db12..f973e425d 100644 --- a/daemons/ipa-kpasswd/ipa_kpasswd.c +++ b/daemons/ipa-kpasswd/ipa_kpasswd.c @@ -322,7 +322,6 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e char hostname[1024]; char *uri; struct berval **ncvals; - char *ldap_base = NULL; char *filter; char *attrs[] = {"krbprincipalname", NULL}; char *root_attrs[] = {"namingContexts", NULL}; @@ -340,6 +339,7 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e int ret, rc; int fd; int kpwd_err = KRB5_KPASSWD_HARDERROR; + int i; tmp_file = strdup(TMP_TEMPLATE); if (!tmp_file) { @@ -410,7 +410,6 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e } /* find base dn */ - /* TODO: address the case where we have multiple naming contexts */ tv.tv_sec = 10; tv.tv_usec = 0; @@ -433,10 +432,8 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e goto done; } - ldap_base = strdup(ncvals[0]->bv_val); - - ldap_value_free_len(ncvals); ldap_msgfree(res); + res = NULL; /* find user dn */ ret = asprintf(&filter, "krbPrincipalName=%s", client_name); @@ -448,8 +445,26 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e tv.tv_sec = 10; tv.tv_usec = 0; - ret = ldap_search_ext_s(ld, ldap_base, LDAP_SCOPE_SUBTREE, - filter, attrs, 1, NULL, NULL, &tv, 0, &res); + for (i = 0; !userdn && ncvals[i]; i++) { + ret = ldap_search_ext_s(ld, ncvals[i]->bv_val, + LDAP_SCOPE_SUBTREE, filter, attrs, 1, + NULL, NULL, &tv, 0, &res); + + if (ret != LDAP_SUCCESS) { + break; + } + + /* for now just use the first result we get */ + entry = ldap_first_entry(ld, res); + if (entry) { + userdn = ldap_get_dn(ld, entry); + } + + ldap_msgfree(res); + res = NULL; + } + + ldap_value_free_len(ncvals); if (ret != LDAP_SUCCESS) { syslog(LOG_ERR, "Search for %s failed with error %d", @@ -460,14 +475,9 @@ int ldap_pwd_change(char *client_name, char *realm_name, krb5_data pwd, char **e } goto done; } - free(filter); - - /* for now just use the first result we get */ - entry = ldap_first_entry(ld, res); - userdn = ldap_get_dn(ld, entry); - ldap_msgfree(res); - res = NULL; + free(filter); + filter = NULL; if (!userdn) { syslog(LOG_ERR, "No userdn, can't change password!"); @@ -651,6 +661,7 @@ done: if (control) ber_bvfree(control); free(exterr1); free(exterr2); + free(filter); free(userdn); if (ld) ldap_unbind_ext(ld, NULL, NULL); if (tmp_file) { |