author | Simo Sorce <ssorce@redhat.com> | 2011-10-10 15:42:11 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-11-07 14:25:07 -0500 |
commit | 18537d55a7fd21c81af8b56fde69c895b2fa3597 (patch) | |
tree | ac460a482411e88b3b534f8869f78aa31a095738 /daemons/ipa-kdb/ipa_kdb_common.c | |
parent | 97018212279be4ff70816194b1e6392b61da36dc (diff) | |
Add support for generating PAC for AS requests for user principals
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_common.c')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_common.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index 6f67be501..d3e8e9c4c 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -264,6 +264,56 @@ done:
 return kerr;
 }
+krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
+ char *entry_dn, char **entry_attrs,
+ char *deref_attr_name, char **deref_attrs,
+ LDAPMessage **res)
+{
+ struct berval derefval = { 0, NULL };
+ LDAPControl *ctrl[2] = { NULL, NULL };
+ LDAPDerefSpec ds[2];
+ krb5_error_code kerr;
+ int times;
+ int ret;
+
+ ds[0].derefAttr = deref_attr_name;
+ ds[0].attributes = deref_attrs;
+ ds[1].derefAttr = NULL;
+
+ ret = ldap_create_deref_control_value(ipactx->lcontext, ds, &derefval);
+ if (ret != LDAP_SUCCESS) {
+ return ENOMEM;
+ }
+
+ ret = ldap_control_create(LDAP_CONTROL_X_DEREF,
+ 1, &derefval, 1, &ctrl[0]);
+ if (ret != LDAP_SUCCESS) {
+ kerr = ENOMEM;
+ goto done;
+ }
+
+ /* retry once if connection errors (tot. max. 2 tries) */
+ times = 2;
+ ret = LDAP_SUCCESS;
+ while (!ipadb_need_retry(ipactx, ret) && times > 0) {
+ times--;
+ ret = ldap_search_ext_s(ipactx->lcontext, entry_dn,
+ LDAP_SCOPE_BASE, "(objectclass=*)",
+ entry_attrs, 0,
+ ctrl, NULL,
+ &std_timeout, LDAP_NO_LIMIT,
+ res);
+ }
+
+ kerr = ipadb_simple_ldap_to_kerr(ret);
+
+done:
+ ldap_memfree(derefval.bv_val);
+ return kerr;
+}
+
+/* result extraction */
+
 int ipadb_ldap_attr_to_int(LDAP *lcontext, LDAPMessage *le, char *attrname, int *result)
 {
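Review bot: `ctrl[0]` returned by `ldap_control_create()` is never released in `ipadb_deref_search`: the `done:` label frees only `derefval.bv_val`, so every call that gets past control creation leaks one LDAPControl. The fourth argument (`1`) asks libldap to duplicate the value, so freeing `derefval` does not cover the control; add `ldap_control_free(ctrl[0]);` under `done:` (the slot is initialised to NULL, which `ldap_control_free()` should tolerate on the early error path; confirm against the libldap in use). Going by the commit title this runs in the KDC for AS requests, where a per-request leak turns into steady memory growth in a long-lived daemon. Separately, the loop is entered with `ret = LDAP_SUCCESS` and keeps going while `!ipadb_need_retry(ipactx, ret)`; the helper is not visible here, but if it returns false after a successful search the query runs a second time and the first `*res` is overwritten without `ldap_msgfree()`, so the condition and the "retry once" comment should be checked against each other.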
@@ -430,3 +480,38 @@ int ipadb_ldap_attr_has_value(LDAP *lcontext, LDAPMessage *le,
 return ret;
 }
+
+int ipadb_ldap_deref_results(LDAP *lcontext, LDAPMessage *le,
+ LDAPDerefRes **results)
+{
+ LDAPControl **ctrls = NULL;
+ LDAPControl *derefctrl = NULL;
+ int ret;
+
+ ret = ldap_get_entry_controls(lcontext, le, &ctrls);
+ if (ret != LDAP_SUCCESS) {
+ return EINVAL;
+ }
+
+ if (!ctrls) {
+ return ENOENT;
+ }
+
+ derefctrl = ldap_control_find(LDAP_CONTROL_X_DEREF, ctrls, NULL);
+ if (!derefctrl) {
+ ret = ENOENT;
+ goto done;
+ }
+
+ ret = ldap_parse_derefresponse_control(lcontext, derefctrl, results);
+ if (ret) {
+ ret = EINVAL;
+ goto done;
+ }
+
+ ret = 0;
+
+done:
+ ldap_controls_free(ctrls);
+ return ret;
+}
|
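Review bot: `ipadb_ldap_deref_results` leaves `*results` untouched on every failure path (the `EINVAL` returns and both `ENOENT` cases), and nothing in the new function says who frees the list on success. Callers are outside this hunk, but one that declares an uninitialised `LDAPDerefRes *` and walks or frees it after a non-zero return would be working on stack garbage inside the KDC; setting `*results = NULL;` as the first statement makes that failure mode harmless. A header comment should state that the caller owns the returned list and releases it with `ldap_derefresponse_free()`, and that `ENOENT` means the entry carried no dereference control rather than that the lookup failed. The single `ret` variable first holds an LDAP result code and then errno values; a short comment at the `ldap_parse_derefresponse_control()` check would keep a later edit from returning the raw LDAP code.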