indent like the rest of the code
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13901 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
@@ -64,7 +64,8 @@ struct hdbldapdb {
|
|||||||
|
|
||||||
#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
|
#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
|
||||||
#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
|
#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
|
||||||
#define HDBSETMSGID(db,msgid) do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
|
#define HDBSETMSGID(db,msgid) \
|
||||||
|
do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
|
||||||
#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
|
#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
|
||||||
#if 0
|
#if 0
|
||||||
#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
|
#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
|
||||||
@@ -188,9 +189,8 @@ LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
|
|||||||
|
|
||||||
if (*modlist == NULL) {
|
if (*modlist == NULL) {
|
||||||
*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
|
*modlist = (LDAPMod **)ber_memcalloc(1, sizeof(LDAPMod *));
|
||||||
if (*modlist == NULL) {
|
if (*modlist == NULL)
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
|
for (cMods = 0; (*modlist)[cMods] != NULL; cMods++) {
|
||||||
@@ -207,13 +207,12 @@ LDAP__setmod(LDAPMod *** modlist, int modop, const char *attribute,
|
|||||||
|
|
||||||
*modlist = (LDAPMod **)ber_memrealloc(*modlist,
|
*modlist = (LDAPMod **)ber_memrealloc(*modlist,
|
||||||
(cMods + 2) * sizeof(LDAPMod *));
|
(cMods + 2) * sizeof(LDAPMod *));
|
||||||
if (*modlist == NULL) {
|
if (*modlist == NULL)
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
}
|
|
||||||
(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
|
(*modlist)[cMods] = (LDAPMod *)ber_memalloc(sizeof(LDAPMod));
|
||||||
if ((*modlist)[cMods] == NULL) {
|
if ((*modlist)[cMods] == NULL)
|
||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
}
|
|
||||||
|
|
||||||
mod = (*modlist)[cMods];
|
mod = (*modlist)[cMods];
|
||||||
mod->mod_op = modop;
|
mod->mod_op = modop;
|
||||||
@@ -283,7 +282,7 @@ LDAP_addmod(LDAPMod *** modlist, int modop, const char *attribute,
|
|||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
|
|
||||||
ret = LDAP__setmod(modlist, modop, attribute, &cMods);
|
ret = LDAP__setmod(modlist, modop, attribute, &cMods);
|
||||||
if (ret != 0)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
if (value != NULL) {
|
if (value != NULL) {
|
||||||
@@ -334,14 +333,15 @@ LDAP_get_string_value(HDB * db, LDAPMessage * entry,
|
|||||||
|
|
||||||
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
||||||
if (vals == NULL) {
|
if (vals == NULL) {
|
||||||
|
*ptr = NULL;
|
||||||
return HDB_ERR_NOENTRY;
|
return HDB_ERR_NOENTRY;
|
||||||
}
|
}
|
||||||
|
|
||||||
*ptr = strdup(vals[0]);
|
*ptr = strdup(vals[0]);
|
||||||
if (*ptr == NULL) {
|
if (*ptr == NULL)
|
||||||
ret = ENOMEM;
|
ret = ENOMEM;
|
||||||
} else {
|
else
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
|
||||||
|
|
||||||
ldap_value_free(vals);
|
ldap_value_free(vals);
|
||||||
|
|
||||||
@@ -355,9 +355,9 @@ LDAP_get_integer_value(HDB * db, LDAPMessage * entry,
|
|||||||
char **vals;
|
char **vals;
|
||||||
|
|
||||||
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute);
|
||||||
if (vals == NULL) {
|
if (vals == NULL)
|
||||||
return HDB_ERR_NOENTRY;
|
return HDB_ERR_NOENTRY;
|
||||||
}
|
|
||||||
*ptr = atoi(vals[0]);
|
*ptr = atoi(vals[0]);
|
||||||
ldap_value_free(vals);
|
ldap_value_free(vals);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -374,9 +374,8 @@ LDAP_get_generalized_time_value(HDB * db, LDAPMessage * entry,
|
|||||||
*kt = 0;
|
*kt = 0;
|
||||||
|
|
||||||
ret = LDAP_get_string_value(db, entry, attribute, &gentime);
|
ret = LDAP_get_string_value(db, entry, attribute, &gentime);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
|
||||||
|
|
||||||
tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
|
tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm);
|
||||||
if (tmp == NULL) {
|
if (tmp == NULL) {
|
||||||
@@ -411,9 +410,9 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
if (msg != NULL) {
|
if (msg != NULL) {
|
||||||
char **values;
|
char **values;
|
||||||
ret = LDAP_message2entry(context, db, msg, &orig);
|
ret = LDAP_message2entry(context, db, msg, &orig);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
is_new_entry = FALSE;
|
is_new_entry = FALSE;
|
||||||
|
|
||||||
values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
|
values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
|
||||||
@@ -440,29 +439,25 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
is_new_entry = TRUE;
|
is_new_entry = TRUE;
|
||||||
|
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
|
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "top");
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
/* account is the structural object class */
|
/* account is the structural object class */
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass",
|
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass",
|
||||||
structural_object);
|
structural_object);
|
||||||
is_account = TRUE;
|
is_account = TRUE;
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
|
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5Principal");
|
||||||
is_heimdal_principal = TRUE;
|
is_heimdal_principal = TRUE;
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
|
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "objectClass", "krb5KDCEntry");
|
||||||
is_heimdal_entry = TRUE;
|
is_heimdal_entry = TRUE;
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_new_entry ||
|
if (is_new_entry ||
|
||||||
@@ -472,11 +467,12 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
if (is_heimdal_principal || is_heimdal_entry) {
|
if (is_heimdal_principal || is_heimdal_entry) {
|
||||||
|
|
||||||
ret = krb5_unparse_name(context, ent->principal, &tmp);
|
ret = krb5_unparse_name(context, ent->principal, &tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5PrincipalName", tmp);
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
|
||||||
if (ret != 0) {
|
"krb5PrincipalName", tmp);
|
||||||
|
if (ret) {
|
||||||
free(tmp);
|
free(tmp);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -485,11 +481,10 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
|
|
||||||
if (is_account || is_samba_account) {
|
if (is_account || is_samba_account) {
|
||||||
ret = krb5_unparse_name_short(context, ent->principal, &tmp);
|
ret = krb5_unparse_name_short(context, ent->principal, &tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "uid", tmp);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
free(tmp);
|
free(tmp);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@@ -508,9 +503,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KeyVersionNumber",
|
LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KeyVersionNumber",
|
||||||
tmp);
|
tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_heimdal_entry && ent->valid_start) {
|
if (is_heimdal_entry && ent->valid_start) {
|
||||||
@@ -519,9 +513,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
||||||
"krb5ValidStart",
|
"krb5ValidStart",
|
||||||
ent->valid_start);
|
ent->valid_start);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -531,9 +524,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
||||||
"krb5ValidEnd",
|
"krb5ValidEnd",
|
||||||
ent->valid_end);
|
ent->valid_end);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -543,9 +535,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
ret = LDAP_addmod_generalized_time(&mods, LDAP_MOD_REPLACE,
|
||||||
"krb5PasswordEnd",
|
"krb5PasswordEnd",
|
||||||
ent->pw_end);
|
ent->pw_end);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_samba_account) {
|
if (is_samba_account) {
|
||||||
@@ -558,9 +549,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE,
|
||||||
"sambaPwdMustChange", tmp);
|
"sambaPwdMustChange", tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -577,9 +567,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
}
|
}
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaPwdLastSet", tmp);
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaPwdLastSet", tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -595,9 +584,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
}
|
}
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxLife", tmp);
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxLife", tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -613,9 +601,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret =
|
ret =
|
||||||
LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxRenew", tmp);
|
LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5MaxRenew", tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -631,9 +618,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
}
|
}
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KDCFlags", tmp);
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "krb5KDCFlags", tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Test each key for replacement */
|
/* Test each key for replacement */
|
||||||
@@ -641,23 +627,22 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
if (!is_new_entry && orig.keys.len > 0) {
|
if (!is_new_entry && orig.keys.len > 0) {
|
||||||
/* for the moment, clobber and replace keys. */
|
/* for the moment, clobber and replace keys. */
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
|
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < ent->keys.len; i++) {
|
for (i = 0; i < ent->keys.len; i++) {
|
||||||
|
|
||||||
if (is_samba_account && ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
|
if (is_samba_account
|
||||||
|
&& ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) {
|
||||||
char *ntHexPassword;
|
char *ntHexPassword;
|
||||||
char *nt;
|
char *nt;
|
||||||
|
|
||||||
/* the key might have been 'sealed', but samba passwords
|
/* the key might have been 'sealed', but samba passwords
|
||||||
are clear in the directory */
|
are clear in the directory */
|
||||||
ret = hdb_unseal_key(context, db, &ent->keys.val[i]);
|
ret = hdb_unseal_key(context, db, &ent->keys.val[i]);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
nt = ent->keys.val[i].key.keyvalue.data;
|
nt = ent->keys.val[i].key.keyvalue.data;
|
||||||
/* store in ntPassword, not krb5key */
|
/* store in ntPassword, not krb5key */
|
||||||
@@ -667,14 +652,12 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword",
|
ret = LDAP_addmod(&mods, LDAP_MOD_REPLACE, "sambaNTPassword",
|
||||||
ntHexPassword);
|
ntHexPassword);
|
||||||
free(ntHexPassword);
|
free(ntHexPassword);
|
||||||
|
if (ret)
|
||||||
if (ret != 0)
|
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
/* have to kill the LM passwod in this case */
|
/* have to kill the LM passwod in this case */
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "sambaLMPassword", NULL);
|
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "sambaLMPassword", NULL);
|
||||||
|
if (ret)
|
||||||
if (ret != 0)
|
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
} else if (is_heimdal_entry) {
|
} else if (is_heimdal_entry) {
|
||||||
@@ -682,32 +665,29 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
size_t len, buf_size;
|
size_t len, buf_size;
|
||||||
|
|
||||||
ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->keys.val[i], &len, ret);
|
ASN1_MALLOC_ENCODE(Key, buf, buf_size, &ent->keys.val[i], &len, ret);
|
||||||
if (ret != 0)
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
if(buf_size != len)
|
if(buf_size != len)
|
||||||
krb5_abortx(context, "internal error in ASN.1 encoder");
|
krb5_abortx(context, "internal error in ASN.1 encoder");
|
||||||
|
|
||||||
/* addmod_len _owns_ the key, doesn't need to copy it */
|
/* addmod_len _owns_ the key, doesn't need to copy it */
|
||||||
ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
|
ret = LDAP_addmod_len(&mods, LDAP_MOD_ADD, "krb5Key", buf, len);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (ent->etypes) {
|
if (ent->etypes) {
|
||||||
/* clobber and replace encryption types. */
|
/* clobber and replace encryption types. */
|
||||||
if (!is_new_entry) {
|
if (!is_new_entry)
|
||||||
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
|
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
|
||||||
NULL);
|
NULL);
|
||||||
}
|
|
||||||
for (i = 0; i < ent->etypes->len; i++) {
|
for (i = 0; i < ent->etypes->len; i++) {
|
||||||
if (is_samba_account &&
|
if (is_samba_account &&
|
||||||
ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
|
ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
|
||||||
{
|
{
|
||||||
;
|
;
|
||||||
} else if (is_heimdal_entry) {
|
} else if (is_heimdal_entry) {
|
||||||
|
|
||||||
rc = asprintf(&tmp, "%d", ent->etypes->val[i]);
|
rc = asprintf(&tmp, "%d", ent->etypes->val[i]);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
krb5_set_error_string(context, "asprintf: out of memory");
|
krb5_set_error_string(context, "asprintf: out of memory");
|
||||||
@@ -717,9 +697,8 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "krb5EncryptionType",
|
ret = LDAP_addmod(&mods, LDAP_MOD_ADD, "krb5EncryptionType",
|
||||||
tmp);
|
tmp);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -729,16 +708,15 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
|
|||||||
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret == 0)
|
||||||
*pmods = mods;
|
*pmods = mods;
|
||||||
} else if (mods != NULL) {
|
else if (mods != NULL) {
|
||||||
ldap_mods_free(mods, 1);
|
ldap_mods_free(mods, 1);
|
||||||
*pmods = NULL;
|
*pmods = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (msg != NULL) {
|
if (msg)
|
||||||
hdb_free_entry(context, &orig);
|
hdb_free_entry(context, &orig);
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -782,9 +760,9 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
|
|||||||
ldap_value_free(values);
|
ldap_value_free(values);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (res != NULL) {
|
if (res)
|
||||||
ldap_msgfree(res);
|
ldap_msgfree(res);
|
||||||
}
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -857,7 +835,7 @@ LDAP__lookup_princ(krb5_context context,
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (filter != NULL)
|
if (filter)
|
||||||
free(filter);
|
free(filter);
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -920,29 +898,25 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
memset(ent, 0, sizeof(*ent));
|
memset(ent, 0, sizeof(*ent));
|
||||||
ent->flags = int2HDBFlags(0);
|
ent->flags = int2HDBFlags(0);
|
||||||
|
|
||||||
ret = LDAP_get_string_value(db, msg, "krb5PrincipalName",
|
ret = LDAP_get_string_value(db, msg, "krb5PrincipalName", &unparsed_name);
|
||||||
&unparsed_name);
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
|
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
ret = LDAP_get_string_value(db, msg, "uid",
|
ret = LDAP_get_string_value(db, msg, "uid",
|
||||||
&unparsed_name);
|
&unparsed_name);
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
|
ret = krb5_parse_name(context, unparsed_name, &ent->principal);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
|
ret = LDAP_get_integer_value(db, msg, "krb5KeyVersionNumber",
|
||||||
&ent->kvno);
|
&ent->kvno);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
ent->kvno = 0;
|
ent->kvno = 0;
|
||||||
}
|
|
||||||
|
|
||||||
keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
|
keys = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key");
|
||||||
if (keys != NULL) {
|
if (keys != NULL) {
|
||||||
@@ -1054,9 +1028,8 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
|
|
||||||
ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
|
ret = LDAP_get_generalized_time_value(db, msg, "createTimestamp",
|
||||||
&ent->created_by.time);
|
&ent->created_by.time);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
ent->created_by.time = time(NULL);
|
ent->created_by.time = time(NULL);
|
||||||
}
|
|
||||||
|
|
||||||
ent->created_by.principal = NULL;
|
ent->created_by.principal = NULL;
|
||||||
|
|
||||||
@@ -1075,15 +1048,12 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
ret = ENOMEM;
|
ret = ENOMEM;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
ret =
|
ret = LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
|
||||||
LDAP_get_generalized_time_value(db, msg, "modifyTimestamp",
|
&ent->modified_by->time);
|
||||||
&ent->modified_by->time);
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
|
ret = LDAP_get_string_value(db, msg, "modifiersName", &dn);
|
||||||
if (LDAP_dn2principal
|
if (LDAP_dn2principal(context, db, dn, &ent->modified_by->principal))
|
||||||
(context, db, dn, &ent->modified_by->principal) != 0) {
|
|
||||||
ent->modified_by->principal = NULL;
|
ent->modified_by->principal = NULL;
|
||||||
}
|
|
||||||
free(dn);
|
free(dn);
|
||||||
} else {
|
} else {
|
||||||
free(ent->modified_by);
|
free(ent->modified_by);
|
||||||
@@ -1098,7 +1068,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
}
|
}
|
||||||
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
|
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidStart",
|
||||||
ent->valid_start);
|
ent->valid_start);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
/* OPTIONAL */
|
/* OPTIONAL */
|
||||||
free(ent->valid_start);
|
free(ent->valid_start);
|
||||||
ent->valid_start = NULL;
|
ent->valid_start = NULL;
|
||||||
@@ -1112,7 +1082,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
}
|
}
|
||||||
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
|
ret = LDAP_get_generalized_time_value(db, msg, "krb5ValidEnd",
|
||||||
ent->valid_end);
|
ent->valid_end);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
/* OPTIONAL */
|
/* OPTIONAL */
|
||||||
free(ent->valid_end);
|
free(ent->valid_end);
|
||||||
ent->valid_end = NULL;
|
ent->valid_end = NULL;
|
||||||
@@ -1126,7 +1096,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
}
|
}
|
||||||
ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
|
ret = LDAP_get_generalized_time_value(db, msg, "krb5PasswordEnd",
|
||||||
ent->pw_end);
|
ent->pw_end);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
/* OPTIONAL */
|
/* OPTIONAL */
|
||||||
free(ent->pw_end);
|
free(ent->pw_end);
|
||||||
ent->pw_end = NULL;
|
ent->pw_end = NULL;
|
||||||
@@ -1154,13 +1124,12 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
}
|
}
|
||||||
ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet",
|
ret = LDAP_get_integer_value(db, msg, "sambaPwdLastSet",
|
||||||
&tmp_time);
|
&tmp_time);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
/* OPTIONAL */
|
/* OPTIONAL */
|
||||||
free(ent->last_pw_change);
|
free(ent->last_pw_change);
|
||||||
ent->last_pw_change = NULL;
|
ent->last_pw_change = NULL;
|
||||||
} else {
|
} else
|
||||||
*ent->last_pw_change = tmp_time;
|
*ent->last_pw_change = tmp_time;
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ent->max_life = malloc(sizeof(*ent->max_life));
|
ent->max_life = malloc(sizeof(*ent->max_life));
|
||||||
@@ -1170,7 +1139,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", ent->max_life);
|
ret = LDAP_get_integer_value(db, msg, "krb5MaxLife", ent->max_life);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
free(ent->max_life);
|
free(ent->max_life);
|
||||||
ent->max_life = NULL;
|
ent->max_life = NULL;
|
||||||
}
|
}
|
||||||
@@ -1182,7 +1151,7 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", ent->max_renew);
|
ret = LDAP_get_integer_value(db, msg, "krb5MaxRenew", ent->max_renew);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
free(ent->max_renew);
|
free(ent->max_renew);
|
||||||
ent->max_renew = NULL;
|
ent->max_renew = NULL;
|
||||||
}
|
}
|
||||||
@@ -1284,13 +1253,11 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (unparsed_name != NULL) {
|
if (unparsed_name)
|
||||||
free(unparsed_name);
|
free(unparsed_name);
|
||||||
}
|
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
hdb_free_entry(context, ent);
|
hdb_free_entry(context, ent);
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1344,7 +1311,8 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
|
|||||||
NULL, NULL, 1);
|
NULL, NULL, 1);
|
||||||
if (parserc != LDAP_SUCCESS
|
if (parserc != LDAP_SUCCESS
|
||||||
&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
|
&& parserc != LDAP_MORE_RESULTS_TO_RETURN) {
|
||||||
krb5_set_error_string(context, "ldap_parse_result: %s", ldap_err2string(parserc));
|
krb5_set_error_string(context, "ldap_parse_result: %s",
|
||||||
|
ldap_err2string(parserc));
|
||||||
ldap_abandon(HDB2LDAP(db), msgid);
|
ldap_abandon(HDB2LDAP(db), msgid);
|
||||||
}
|
}
|
||||||
ret = HDB_ERR_NOENTRY;
|
ret = HDB_ERR_NOENTRY;
|
||||||
@@ -1439,10 +1407,8 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (HDB2LDAP(db) != NULL) {
|
if (HDB2LDAP(db) != NULL) /* server is UP */
|
||||||
/* server is UP */
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
|
||||||
|
|
||||||
rc = ldap_initialize((LDAP **)&db->hdb_db, "ldapi:///");
|
rc = ldap_initialize((LDAP **)&db->hdb_db, "ldapi:///");
|
||||||
if (rc != LDAP_SUCCESS) {
|
if (rc != LDAP_SUCCESS) {
|
||||||
@@ -1535,26 +1501,23 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
|
|||||||
char *dn = NULL, *name = NULL;
|
char *dn = NULL, *name = NULL;
|
||||||
|
|
||||||
ret = LDAP_principal2message(context, db, entry->principal, &msg);
|
ret = LDAP_principal2message(context, db, entry->principal, &msg);
|
||||||
if (ret == 0) {
|
if (ret == 0)
|
||||||
e = ldap_first_entry(HDB2LDAP(db), msg);
|
e = ldap_first_entry(HDB2LDAP(db), msg);
|
||||||
}
|
|
||||||
|
|
||||||
ret = krb5_unparse_name(context, entry->principal, &name);
|
ret = krb5_unparse_name(context, entry->principal, &name);
|
||||||
if (ret != 0) {
|
if (ret) {
|
||||||
free(name);
|
free(name);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = hdb_seal_keys(context, db, entry);
|
ret = hdb_seal_keys(context, db, entry);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
/* turn new entry into LDAPMod array */
|
/* turn new entry into LDAPMod array */
|
||||||
ret = LDAP_entry2mods(context, db, entry, e, &mods);
|
ret = LDAP_entry2mods(context, db, entry, e, &mods);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
if (e == NULL) {
|
if (e == NULL) {
|
||||||
ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2BASE(db));
|
ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2BASE(db));
|
||||||
@@ -1595,21 +1558,14 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
|
|||||||
|
|
||||||
out:
|
out:
|
||||||
/* free stuff */
|
/* free stuff */
|
||||||
if (dn != NULL) {
|
if (dn)
|
||||||
free(dn);
|
free(dn);
|
||||||
}
|
if (msg)
|
||||||
|
|
||||||
if (msg != NULL) {
|
|
||||||
ldap_msgfree(msg);
|
ldap_msgfree(msg);
|
||||||
}
|
if (mods)
|
||||||
|
|
||||||
if (mods != NULL) {
|
|
||||||
ldap_mods_free(mods, 1);
|
ldap_mods_free(mods, 1);
|
||||||
}
|
if (name)
|
||||||
|
|
||||||
if (name != NULL) {
|
|
||||||
free(name);
|
free(name);
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1623,9 +1579,8 @@ LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
|
|||||||
int rc, limit = LDAP_NO_LIMIT;
|
int rc, limit = LDAP_NO_LIMIT;
|
||||||
|
|
||||||
ret = LDAP_principal2message(context, db, entry->principal, &msg);
|
ret = LDAP_principal2message(context, db, entry->principal, &msg);
|
||||||
if (ret != 0) {
|
if (ret)
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
e = ldap_first_entry(HDB2LDAP(db), msg);
|
e = ldap_first_entry(HDB2LDAP(db), msg);
|
||||||
if (e == NULL) {
|
if (e == NULL) {
|
||||||
@@ -1641,27 +1596,25 @@ LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
|
|||||||
|
|
||||||
rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
|
rc = ldap_set_option(HDB2LDAP(db), LDAP_OPT_SIZELIMIT, (const void *)&limit);
|
||||||
if (rc != LDAP_SUCCESS) {
|
if (rc != LDAP_SUCCESS) {
|
||||||
krb5_set_error_string(context, "ldap_set_option: %s", ldap_err2string(rc));
|
krb5_set_error_string(context, "ldap_set_option: %s",
|
||||||
|
ldap_err2string(rc));
|
||||||
ret = HDB_ERR_BADVERSION;
|
ret = HDB_ERR_BADVERSION;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = ldap_delete_s(HDB2LDAP(db), dn);
|
rc = ldap_delete_s(HDB2LDAP(db), dn);
|
||||||
if (rc == LDAP_SUCCESS) {
|
if (check_ldap(context, db, rc)) {
|
||||||
ret = 0;
|
krb5_set_error_string(context, "ldap_delete_s: %s",
|
||||||
} else {
|
ldap_err2string(rc));
|
||||||
krb5_set_error_string(context, "ldap_delete_s: %s", ldap_err2string(rc));
|
|
||||||
ret = HDB_ERR_CANT_LOCK_DB;
|
ret = HDB_ERR_CANT_LOCK_DB;
|
||||||
}
|
} else
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
out:
|
out:
|
||||||
if (dn != NULL) {
|
if (dn != NULL)
|
||||||
free(dn);
|
free(dn);
|
||||||
}
|
if (msg != NULL)
|
||||||
|
|
||||||
if (msg != NULL) {
|
|
||||||
ldap_msgfree(msg);
|
ldap_msgfree(msg);
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
@@ -1739,7 +1692,6 @@ hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
|
|||||||
return ENOMEM;
|
return ENOMEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
(*db)->hdb_master_key_set = 0;
|
(*db)->hdb_master_key_set = 0;
|
||||||
(*db)->hdb_openp = 0;
|
(*db)->hdb_openp = 0;
|
||||||
(*db)->hdb_open = LDAP_open;
|
(*db)->hdb_open = LDAP_open;
|
||||||
|
|||||||
Reference in New Issue
Block a user