Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c | 6 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 106 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 2 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 2 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 4 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c | 49 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c | 99 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h | 21 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 2 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 83 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports | 3 |
11 files changed, 87 insertions, 290 deletions
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c index 73b0d2f64..6ec711f55 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c @@ -63,9 +63,9 @@ init_ldap_realm(int argc, char *argv[]) goto cleanup; } - if (ldap_context->krbcontainer == NULL) { - retval = krb5_ldap_read_krbcontainer_params (util_context, - &(ldap_context->krbcontainer)); + if (ldap_context->container_dn == NULL) { + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); if (retval != 0) { com_err(progname, retval, _("while reading kerberos container information")); diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index a479c6e46..1050fcd73 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 
@@ -467,70 +467,35 @@ kdb5_ldap_create(int argc, char *argv[]) } /* read the kerberos container */ - if ((retval=krb5_ldap_read_krbcontainer_params (util_context, - &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) { + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); + if (retval) { /* Prompt the user for entering the DN of Kerberos container */ char krb_location[MAX_KRB_CONTAINER_LEN]; - krb5_ldap_krbcontainer_params kparams; int krb_location_len = 0; - memset(&kparams, 0, sizeof(kparams)); - - /* Read the kerberos container location from configuration file */ - if (ldap_context->conf_section) { - if ((retval=profile_get_string(util_context->profile, - KDB_MODULE_SECTION, ldap_context->conf_section, - KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - &kparams.DN)) != 0) { - goto cleanup; + + printf(_("Enter DN of Kerberos container: ")); + if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) { + /* Remove the newline character at the end */ + krb_location_len = strlen(krb_location); + if ((krb_location[krb_location_len - 1] == '\n') || + (krb_location[krb_location_len - 1] == '\r')) { + krb_location[krb_location_len - 1] = '\0'; + krb_location_len--; } - } - if (kparams.DN == NULL) { - if ((retval=profile_get_string(util_context->profile, - KDB_MODULE_DEF_SECTION, - KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - NULL, &kparams.DN)) != 0) { + ldap_context->container_dn = strdup(krb_location); + if (ldap_context->container_dn == NULL) { + retval = ENOMEM; goto cleanup; } } + } - printf(_("\nKerberos container is missing. 
Creating now...\n")); - if (kparams.DN == NULL) { - printf(_("Enter DN of Kerberos container: ")); - if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) { - /* Remove the newline character at the end */ - krb_location_len = strlen(krb_location); - if ((krb_location[krb_location_len - 1] == '\n') || - (krb_location[krb_location_len - 1] == '\r')) { - krb_location[krb_location_len - 1] = '\0'; - krb_location_len--; - } - /* If the user has not given any input, take the default location */ - else if (krb_location[0] == '\0') - kparams.DN = NULL; - else - kparams.DN = krb_location; - } else - kparams.DN = NULL; - } - - /* create the kerberos container */ - retval = krb5_ldap_create_krbcontainer(util_context, - ((kparams.DN != NULL) ? &kparams : NULL)); - if (retval) - goto cleanup; - - retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer)); - if (retval) { - com_err(progname, retval, - _("while reading kerberos container information")); - goto cleanup; - } - } else if (retval) { - com_err(progname, retval, - _("while reading kerberos container information")); + /* create the kerberos container if it doesn't exist */ + retval = krb5_ldap_create_krbcontainer(util_context, + ldap_context->container_dn); + if (retval) goto cleanup; - } if ((retval = krb5_ldap_create_realm(util_context, /* global_params.realm, */ rparams, mask))) { @@ -812,8 +777,9 @@ kdb5_ldap_modify(int argc, char *argv[]) goto cleanup; } - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer)))) { + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); + if (retval) { com_err(progname, retval, _("while reading Kerberos container information")); goto err_nomsg; 
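Review bot: After the newline is stripped, an empty answer to the prompt is still strdup'ed into `ldap_context->container_dn` and handed to `krb5_ldap_create_krbcontainer`, which only rejects NULL; the removed code instead treated `krb_location[0] == '\0'` as "no input" and fell back. Add `if (krb_location[0] == '\0') { retval = EINVAL; goto cleanup; }` (or re-prompt) before the `strdup`. The `krb_location[krb_location_len - 1]` index also touches memory before the buffer when `strlen` returns 0, which fgets permits if the first byte read is a NUL — guard it with `if (krb_location_len > 0 && (...))`. Note too that any failure of `krb5_ldap_read_krbcontainer_dn` now falls through silently to the prompt, whereas the old code reported errors other than `KRB5_KDB_NOENTRY` via com_err; kdb5_ldap_create continues outside the hunk.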
@@ -965,8 +931,9 @@ kdb5_ldap_view(int argc, char *argv[]) } /* Read the kerberos container information */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); + if (retval) { com_err(progname, retval, _("while reading kerberos container information")); exit_status++; @@ -1165,8 +1132,9 @@ kdb5_ldap_list(int argc, char *argv[]) } /* Read the kerberos container information */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); + if (retval) { com_err(progname, retval, _("while reading kerberos container information")); exit_status++; @@ -1175,24 +1143,17 @@ kdb5_ldap_list(int argc, char *argv[]) retval = krb5_ldap_list_realm(util_context, &list); if (retval != 0) { - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); - ldap_context->krbcontainer = NULL; com_err(progname, retval, _("while listing realms")); exit_status++; return; } /* This is to handle the case of realm not present */ - if (list == NULL) { - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); - ldap_context->krbcontainer = NULL; + if (list == NULL) return; - } for (plist = list; *plist != NULL; plist++) { printf("%s\n", *plist); } - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); - ldap_context->krbcontainer = NULL; krb5_free_list_entries(list); free(list); 
@@ -1589,9 +1550,10 @@ kdb5_ldap_destroy(int argc, char *argv[]) return; } - /* Read the kerberos container from the LDAP Server */ - if ((retval = krb5_ldap_read_krbcontainer_params(util_context, - &(ldap_context->krbcontainer))) != 0) { + /* Read the kerberos container DN */ + retval = krb5_ldap_read_krbcontainer_dn(util_context, + &ldap_context->container_dn); + if (retval) { com_err(progname, retval, _("while reading kerberos container information")); exit_status++; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index b52d088ff..a29b3326e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -113,7 +113,7 @@ krb5_ldap_read_startup_information(krb5_context context) int mask = 0; SETUP_CONTEXT(); - if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) { + if ((retval=krb5_ldap_read_krbcontainer_dn(context, &(ldap_context->container_dn)))) { prepend_err_str(context, _("Unable to read Kerberos container"), retval, retval); goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index b40600780..30d3a4aef 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -212,7 +212,7 @@ typedef struct _krb5_ldap_context { krb5_ldap_certificates **certificates; krb5_ui_4 cert_count; /* certificate count */ k5_mutex_t hndl_lock; - krb5_ldap_krbcontainer_params *krbcontainer; + char *container_dn; krb5_ldap_realm_params *lrparams; krb5_boolean disable_last_success; krb5_boolean disable_lockout; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c index 589672439..cd4b4ca35 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c 
@@ -334,8 +334,8 @@ krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context) if (ldap_context == NULL) return 0; - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); - ldap_context->krbcontainer = NULL; + free(ldap_context->container_dn); + ldap_context->container_dn = NULL; krb5_ldap_free_realm_params(ldap_context->lrparams); ldap_context->lrparams = NULL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 1dc4afcf7..86282ea2b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -59,7 +59,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) krb5_ldap_context *ldap_context=NULL; krb5_boolean realm_obj_created = FALSE; krb5_boolean krbcontainer_obj_created = FALSE; - krb5_ldap_krbcontainer_params kparams = {0}; int srv_cnt = 0; int mask = 0; 
@@ -218,43 +217,15 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) } /* read the kerberos container */ - if ((status = krb5_ldap_read_krbcontainer_params(context, - &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) { - - /* Read the kerberos container location from configuration file */ - if (ldap_context->conf_section) { - if ((status = profile_get_string(context->profile, - KDB_MODULE_SECTION, ldap_context->conf_section, - KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - &kparams.DN)) != 0) { - goto cleanup; - } - } - if (kparams.DN == NULL) { - if ((status = profile_get_string(context->profile, - KDB_MODULE_DEF_SECTION, - KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - NULL, &kparams.DN)) != 0) { - goto cleanup; - } - } - - /* create the kerberos container */ - status = krb5_ldap_create_krbcontainer(context, - ((kparams.DN != NULL) ? &kparams : NULL)); - if (status) - goto cleanup; - - krbcontainer_obj_created = TRUE; - - status = krb5_ldap_read_krbcontainer_params(context, - &(ldap_context->krbcontainer)); - if (status) - goto cleanup; + status = krb5_ldap_read_krbcontainer_dn(context, + &ldap_context->container_dn); + if (status) + goto cleanup; - } else if (status) { + status = krb5_ldap_create_krbcontainer(context, + ldap_context->container_dn); + if (status) goto cleanup; - } rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params)); if (rparams == NULL) { @@ -287,16 +258,12 @@ cleanup: if ((krbcontainer_obj_created) && (!realm_obj_created)) { int rc; rc = krb5_ldap_delete_krbcontainer(context, - ((kparams.DN != NULL) ? &kparams : NULL)); + ldap_context->container_dn); krb5_set_error_message(context, rc, _("could not complete roll-back, error " "deleting Kerberos Container")); } - /* should call krb5_ldap_free_krbcontainer_params() but can't */ - if (kparams.DN != NULL) - krb5_xfree(kparams.DN); - if (rparams) krb5_ldap_free_realm_params(rparams); 
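Review bot: `krbcontainer_obj_created` is never set to TRUE any more — the assignment went away with the old create path in this hunk — so the roll-back in the cleanup hunk (`if ((krbcontainer_obj_created) && (!realm_obj_created))` → `krb5_ldap_delete_krbcontainer`) is now unreachable and a freshly created container is left behind when realm creation fails. Because `krb5_ldap_create_krbcontainer` now also returns success for an already existing entry, the caller cannot tell whether it owns the object; either have the create function signal whether it actually added the entry (e.g. an out parameter) and set the flag only in that case, or remove the flag (still declared in the earlier hunk at line 59) together with the dead roll-back block. The function body continues outside the hunks.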
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c index fabe633ab..e3b42f55a 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c 
@@ -32,67 +32,29 @@ #include "kdb_ldap.h" #include "ldap_err.h" -char *policyrefattribute[] = {"krbTicketPolicyReference",NULL}; -char *krbcontainerrefattr[] = {"krbContainerReference", NULL}; - /* - * Free the krb5_ldap_krbcontainer_params - */ - -void -krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams) -{ - if (cparams == NULL) - return; - - if (cparams->policyreference) - krb5_xfree(cparams->policyreference); - - if (cparams->parent) - krb5_xfree(cparams->parent); - - if (cparams->DN) - krb5_xfree(cparams->DN); - - krb5_xfree(cparams); - - return; -} - -/* - * Read the kerberos container. Kerberos container dn is read from the krb5.conf file. - * In case of eDirectory, if the dn is not present in the conf file, refer Security Container - * to fetch the dn information. - * - * Reading kerberos container includes reading the policyreference attribute and the policy - * object to read the attributes associated with it. + * Read the kerberos container location from krb5.conf. 
*/ krb5_error_code -krb5_ldap_read_krbcontainer_params(krb5_context context, - krb5_ldap_krbcontainer_params **cparamp) - +krb5_ldap_read_krbcontainer_dn(krb5_context context, char **container_dn) { - krb5_error_code st=0, tempst=0; + krb5_error_code st=0; LDAP *ld=NULL; - LDAPMessage *result=NULL, *ent=NULL; - krb5_ldap_krbcontainer_params *cparams=NULL; + char *dn=NULL; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; + *container_dn = NULL; SETUP_CONTEXT(); GET_HANDLE(); - cparams =(krb5_ldap_krbcontainer_params *) malloc(sizeof(krb5_ldap_krbcontainer_params)); - CHECK_NULL(cparams); - memset(cparams, 0, sizeof(krb5_ldap_krbcontainer_params)); - /* read kerberos containter location from [dbmodules] section of krb5.conf file */ if (ldap_context->conf_section) { if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section, KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - &cparams->DN)) != 0) { + &dn)) != 0) { krb5_set_error_message(context, st, _("Error reading kerberos container " "location from krb5.conf")); @@ -101,10 +63,10 @@ krb5_ldap_read_krbcontainer_params(krb5_context context, } /* read kerberos containter location from [dbdefaults] section of krb5.conf file */ - if (cparams->DN == NULL) { + if (dn == NULL) { if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, KRB5_CONF_LDAP_KERBEROS_CONTAINER_DN, NULL, - NULL, &cparams->DN)) != 0) { + NULL, &dn)) != 0) { krb5_set_error_message(context, st, _("Error reading kerberos container " "location from krb5.conf")); 
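Review bot: `*container_dn = NULL;` at the top discards whatever string the caller already holds, so a context whose `container_dn` was populated earlier would leak the previous allocation — kdb_ldap.c now reads it in krb5_ldap_read_startup_information, and the ldap_util modify/view/list/destroy hunks call this function unconditionally, unlike `krb5_ldap_list_realm`, which keeps its `== NULL` guard. Either release it first, `free(*container_dn); *container_dn = NULL;`, or have the util callers guard the call as list_realm does. The function still declares `LDAP *ld=NULL;` and goes through `GET_HANDLE()` / `krb5_ldap_put_handle_to_pool` although no LDAP operation remains after the search was removed; a pure krb5.conf read should not require, or fail on, a directory connection, so those can go along with `ld`. The comment could also state ownership, e.g. `/* Read the kerberos container DN from krb5.conf. On success *container_dn is a malloc'ed string owned by the caller. */`; the function continues in the following hunks.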
@@ -112,57 +74,16 @@ krb5_ldap_read_krbcontainer_params(krb5_context context, } } - if (cparams->DN == NULL) { + if (dn == NULL) { st = KRB5_KDB_SERVER_INTERNAL_ERR; krb5_set_error_message(context, st, _("Kerberos container location not specified")); goto cleanup; } - /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is - * not read - */ - LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS); - if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) { - st = set_ldap_error(context, st, OP_SEARCH); - goto cleanup; - } - - if (st == LDAP_NO_SUCH_OBJECT) { - st = KRB5_KDB_NOENTRY; - goto cleanup; - } - - if ((ent = ldap_first_entry(ld, result))) { - if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference", - &(cparams->policyreference), NULL)) != 0) - goto cleanup; - } - ldap_msgfree(result); - - if (cparams->policyreference != NULL) { - LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS); - if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) { - st = set_ldap_error(context, st, OP_SEARCH); - goto cleanup; - } - st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */ - - ent=ldap_first_entry(ld, result); - if (ent != NULL) { - krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life)); - krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life)); - krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags)); - } - ldap_msgfree(result); - } - *cparamp=cparams; + *container_dn = dn; cleanup: - if (st != 0) { - krb5_ldap_free_krbcontainer_params(cparams); - *cparamp=NULL; - } krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); return st; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h index f1feb22d3..549f8ce94 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h 
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h @@ -35,28 +35,13 @@ /* kerberos container structure */ -typedef struct _krb5_ldap_krbcontainer_params { - char *parent; - char *DN; - char *policyreference; - krb5_int32 max_life; - krb5_int32 max_renewable_life; - krb5_int32 tktflags; -} krb5_ldap_krbcontainer_params; - -void -krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *); - krb5_error_code -krb5_ldap_read_krbcontainer_params(krb5_context, - krb5_ldap_krbcontainer_params **); +krb5_ldap_read_krbcontainer_dn(krb5_context, char **); krb5_error_code -krb5_ldap_create_krbcontainer(krb5_context, - const krb5_ldap_krbcontainer_params *); +krb5_ldap_create_krbcontainer(krb5_context, const char *); krb5_error_code -krb5_ldap_delete_krbcontainer(krb5_context, - const krb5_ldap_krbcontainer_params *); +krb5_ldap_delete_krbcontainer(krb5_context, const char *); #endif diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 00fbce184..1e671c7ed 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -517,7 +517,7 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, krb5_clear_error_message(context); SETUP_CONTEXT(); - if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL) + if (ldap_context->lrparams == NULL || ldap_context->container_dn == NULL) return EINVAL; /* get ldap handle */ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 7e0d45689..35daf5f63 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 
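Review bot: The `/* kerberos container structure */` comment left above the prototypes is stale: the struct it introduced was removed in this hunk and only three function declarations follow it. Replace it with a line describing the new contract, e.g. `/* Kerberos container DN helpers: the DN returned by krb5_ldap_read_krbcontainer_dn is malloc'ed and owned by the caller; create/delete require a non-NULL dn and return EINVAL otherwise. */`, since those EINVAL checks are what the ldap_realm.c hunks implement.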
@@ -130,9 +130,9 @@ krb5_ldap_list_realm(krb5_context context, char ***realms) SETUP_CONTEXT (); /* get the kerberos container DN information */ - if (ldap_context->krbcontainer == NULL) { - if ((st = krb5_ldap_read_krbcontainer_params(context, - &(ldap_context->krbcontainer))) != 0) + if (ldap_context->container_dn == NULL) { + if ((st = krb5_ldap_read_krbcontainer_dn(context, + &(ldap_context->container_dn))) != 0) goto cleanup; } @@ -141,7 +141,7 @@ krb5_ldap_list_realm(krb5_context context, char ***realms) { char *cn[] = {"cn", NULL}; - LDAP_SEARCH(ldap_context->krbcontainer->DN, + LDAP_SEARCH(ldap_context->container_dn, LDAP_SCOPE_ONELEVEL, "(objectclass=krbRealmContainer)", cn); @@ -359,7 +359,7 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams, SETUP_CONTEXT (); /* Check validity of arguments */ - if (ldap_context->krbcontainer == NULL || + if (ldap_context->container_dn == NULL || rparams->tl_data == NULL || rparams->tl_data->tl_data_contents == NULL || ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || @@ -474,17 +474,14 @@ cleanup: /* - * Create the Kerberos container in the Directory + * Create the Kerberos container in the Directory if it does not exist */ krb5_error_code -krb5_ldap_create_krbcontainer(krb5_context context, - const - krb5_ldap_krbcontainer_params *krbcontparams) +krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) { LDAP *ld=NULL; - char *strval[2]={NULL}, *kerberoscontdn=NULL, **rdns=NULL; - int pmask=0; + char *strval[2]={NULL}, **rdns=NULL; LDAPMod **mods = NULL; krb5_error_code st=0; kdb5_dal_handle *dal_handle=NULL; @@ -496,9 +493,7 @@ krb5_ldap_create_krbcontainer(krb5_context context, /* get ldap handle */ GET_HANDLE (); - if (krbcontparams != NULL && krbcontparams->DN != NULL) { - kerberoscontdn = krbcontparams->DN; - } else { + if (dn == NULL) { st = EINVAL; krb5_set_error_message(context, st, _("Kerberos Container information is missing")); 
@@ -510,7 +505,7 @@ krb5_ldap_create_krbcontainer(krb5_context context, if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) goto cleanup; - rdns = ldap_explode_dn(kerberoscontdn, 1); + rdns = ldap_explode_dn(dn, 1); if (rdns == NULL) { st = EINVAL; krb5_set_error_message(context, st, @@ -523,21 +518,11 @@ krb5_ldap_create_krbcontainer(krb5_context context, if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0) goto cleanup; - /* check if the policy reference value exists and is of krbticketpolicyreference object class */ - if (krbcontparams && krbcontparams->policyreference) { - st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass, - &pmask); - CHECK_CLASS_VALIDITY(st, pmask, _("ticket policy object value: ")); - - strval[0] = krbcontparams->policyreference; - strval[1] = NULL; - if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD, - strval)) != 0) - goto cleanup; - } - /* create the kerberos container */ - if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) { + st = ldap_add_ext_s(ld, dn, mods, NULL, NULL); + if (st == LDAP_ALREADY_EXISTS) + st = LDAP_SUCCESS; + if (st != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, @@ -561,12 +546,9 @@ cleanup: */ krb5_error_code -krb5_ldap_delete_krbcontainer(krb5_context context, - const - krb5_ldap_krbcontainer_params *krbcontparams) +krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn) { LDAP *ld=NULL; - char *kerberoscontdn=NULL; krb5_error_code st=0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; 
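Review bot: Mapping `LDAP_ALREADY_EXISTS` to `LDAP_SUCCESS` accepts any pre-existing entry at `dn` as the Kerberos container without checking that it carries the `krbContainer` object class; the `(objectclass=krbContainer)` search that used to validate this was removed from `krb5_ldap_read_krbcontainer_dn` in the same commit, so nothing verifies it any more. On the `LDAP_ALREADY_EXISTS` branch, verify the existing object — this function already used `checkattributevalue(ld, <dn>, "objectclass", <class list>, &mask)` for the ticket-policy reference — and return an error when the class does not match rather than collapsing straight to success. A caller that needs to know whether the entry was created (the ldap_create.c roll-back) also cannot distinguish the two outcomes now; an out parameter would cover that. The rest of `krb5_ldap_create_krbcontainer` lies outside the hunk.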
@@ -577,9 +559,7 @@ krb5_ldap_delete_krbcontainer(krb5_context context, /* get ldap handle */ GET_HANDLE (); - if (krbcontparams != NULL && krbcontparams->DN != NULL) { - kerberoscontdn = krbcontparams->DN; - } else { + if (dn == NULL) { st = EINVAL; krb5_set_error_message(context, st, _("Kerberos Container information is missing")); @@ -587,7 +567,7 @@ krb5_ldap_delete_krbcontainer(krb5_context context, } /* delete the kerberos container */ - if ((st = ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL)) != LDAP_SUCCESS) { + if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, @@ -626,8 +606,7 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams, SETUP_CONTEXT (); /* Check input validity ... */ - if (ldap_context->krbcontainer == NULL || - ldap_context->krbcontainer->DN == NULL || + if (ldap_context->container_dn == NULL || rparams == NULL || rparams->realm_name == NULL || ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || @@ -638,19 +617,12 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams, return st; } - if (ldap_context->krbcontainer == NULL) { - if ((st = krb5_ldap_read_krbcontainer_params(context, - &(ldap_context->krbcontainer))) != 0) - goto cleanup; - } - /* get ldap handle */ GET_HANDLE (); realm_name = rparams->realm_name; - if (asprintf(&dn, "cn=%s,%s", realm_name, - ldap_context->krbcontainer->DN) < 0) + if (asprintf(&dn, "cn=%s,%s", realm_name, ldap_context->container_dn) < 0) dn = NULL; CHECK_NULL(dn); @@ -758,7 +730,7 @@ krb5_error_code krb5_ldap_read_realm_params(krb5_context context, char *lrealm, krb5_ldap_realm_params **rlparamp, int *mask) { - char **values=NULL, *krbcontDN=NULL /*, *curr=NULL */; + char **values=NULL; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL,*ent=NULL; 
@@ -771,19 +743,11 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm, SETUP_CONTEXT (); /* validate the input parameter */ - if (lrealm == NULL || - ldap_context->krbcontainer == NULL || - ldap_context->krbcontainer->DN == NULL) { + if (lrealm == NULL || ldap_context->container_dn == NULL) { st = EINVAL; goto cleanup; } - /* read kerberos container, if not read already */ - if (ldap_context->krbcontainer == NULL) { - if ((st = krb5_ldap_read_krbcontainer_params(context, - &(ldap_context->krbcontainer))) != 0) - goto cleanup; - } /* get ldap handle */ GET_HANDLE (); @@ -807,9 +771,8 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm, /* set default values */ rlparams->search_scope = LDAP_SCOPE_SUBTREE; - krbcontDN = ldap_context->krbcontainer->DN; - - if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) { + if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, + ldap_context->container_dn) < 0) { rlparams->realmdn = NULL; st = ENOMEM; goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports index 1467f5184..36bde5a4f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports +++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports @@ -11,7 +11,7 @@ krb5_ldap_get_principal krb5_ldap_delete_principal krb5_ldap_free_principal krb5_ldap_iterate -krb5_ldap_read_krbcontainer_params +krb5_ldap_read_krbcontainer_dn krb5_ldap_list_realm krb5_ldap_read_realm_params krb5_ldap_free_realm_params @@ -34,7 +34,6 @@ krb5_ldap_iterate_password_policy krb5_dbe_free_contents krb5_ldap_free_server_params krb5_ldap_free_server_context_params -krb5_ldap_free_krbcontainer_params krb5_ldap_alloc krb5_ldap_free krb5_ldap_delete_realm_1 |