oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

s/objectclass/objectClass/

Browse Source 
check if attribute exists before we try to delete it
LDAP__bytes2hex encodes in strange byte order, is this really right ?


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14389 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2004-12-12 21:37:35 +00:00
parent 8070d8d5c0
commit cd395c78ad
1 changed files with 51 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
lib/hdb/hdb-ldap.c
View File

@@ -110,29 +110,36 @@ static char *krb5principal_attrs[] = {
NULL NULL
}; };
static krb5_error_code const static char hexchar[] = "0123456789ABCDEF";
LDAP__hex2bytes(const char *hex_in, char *buffer, size_t len)
static int
pos(char c)
{ {
size_t i;
const char *p; const char *p;
for (p = hexchar; *p; p++)
if (*p == c)
return p - hexchar;
return -1;
}
static krb5_error_code
LDAP__hex2bytes(const char *hex_in, unsigned char *buffer, size_t len)
{
const char *p;
size_t i;
if (strlen(hex_in) != (2 * len)) if (strlen(hex_in) != (2 * len))
return EINVAL; return EINVAL;
p = hex_in; p = hex_in;
for (i = 0; i < len; i++) { for (i = 0; i < len; i++)
char p3[3]; buffer[i] = pos(p[i * 2]) | pos(p[(i * 2) + 1]) << 4;
strncpy(p3, &hex_in[i*2], 2);
p3[2] = '\0';
buffer[i] = strtoul(p3, NULL, 16);
}
return 0; return 0;
} }
static krb5_error_code static krb5_error_code
LDAP__bytes2hex(const char *buffer, size_t buf_len, char **out) LDAP__bytes2hex(const char *buffer, size_t buf_len, char **out)
{ {
const static char hexchar[] = "0123456789ABCDEF";
size_t i; size_t i;
char *p; char *p;
@@ -404,10 +411,11 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
krb5_boolean is_heimdal_entry = FALSE; krb5_boolean is_heimdal_entry = FALSE;
krb5_boolean is_heimdal_principal = FALSE; krb5_boolean is_heimdal_principal = FALSE;
char **values;
*pmods = NULL; *pmods = NULL;
if (msg != NULL) { if (msg != NULL) {
char **values;
ret = LDAP_message2entry(context, db, msg, &orig); ret = LDAP_message2entry(context, db, msg, &orig);
if (ret) if (ret)
@@ -416,8 +424,7 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
is_new_entry = FALSE; is_new_entry = FALSE;
values = ldap_get_values(HDB2LDAP(db), msg, "objectClass"); values = ldap_get_values(HDB2LDAP(db), msg, "objectClass");
if (values) {
if ( values ) {
int num_objectclasses = ldap_count_values(values); int num_objectclasses = ldap_count_values(values);
for (i=0; i < num_objectclasses; i++) { for (i=0; i < num_objectclasses; i++) {
if (strcasecmp(values[i], "sambaSamAccount") == 0) { if (strcasecmp(values[i], "sambaSamAccount") == 0) {
@@ -640,13 +647,16 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
goto out; goto out;
} }
/* Test each key for replacement */ /* Remove keys if they exists, and then replace keys. */
if (!is_new_entry && orig.keys.len > 0) { if (!is_new_entry && orig.keys.len > 0) {
/* for the moment, clobber and replace keys. */ values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key");
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); if (values) {
if (ret) ldap_value_free(values);
goto out;
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL);
if (ret)
goto out;
}
} }
for (i = 0; i < ent->keys.len; i++) { for (i = 0; i < ent->keys.len; i++) {
@@ -673,10 +683,15 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
if (ret) if (ret)
goto out; goto out;
/* have to kill the LM passwod in this case */ /* have to kill the LM passwod if it exists */
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "sambaLMPassword", NULL); values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword");
if (ret) if (values) {
goto out; ldap_value_free(values);
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE,
"sambaLMPassword", NULL);
if (ret)
goto out;
}
} else if (is_heimdal_entry) { } else if (is_heimdal_entry) {
unsigned char *buf; unsigned char *buf;
@@ -697,9 +712,16 @@ LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry * ent,
if (ent->etypes) { if (ent->etypes) {
/* clobber and replace encryption types. */ /* clobber and replace encryption types. */
if (!is_new_entry) if (!is_new_entry) {
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType");
NULL); if (values) {
ldap_value_free(values);
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType",
NULL);
if (ret)
goto out;
}
}
for (i = 0; i < ent->etypes->len; i++) { for (i = 0; i < ent->etypes->len; i++) {
if (is_samba_account && if (is_samba_account &&
ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5) ent->keys.val[i].key.keytype == ETYPE_ARCFOUR_HMAC_MD5)
@@ -753,7 +775,7 @@ LDAP_dn2principal(krb5_context context, HDB * db, const char *dn,
goto out; goto out;
rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE, rc = ldap_search_s(HDB2LDAP(db), dn, LDAP_SCOPE_SUBTREE,
"(objectclass=krb5Principal)", krb5principal_attrs, "(objectClass=krb5Principal)", krb5principal_attrs,
0, &res); 0, &res);
if (check_ldap(context, db, rc)) { if (check_ldap(context, db, rc)) {
krb5_set_error_string(context, "ldap_search_s: %s", krb5_set_error_string(context, "ldap_search_s: %s",
@@ -800,7 +822,7 @@ LDAP__lookup_princ(krb5_context context,
return ret; return ret;
rc = asprintf(&filter, rc = asprintf(&filter,
"(&(objectclass=krb5Principal)(krb5PrincipalName=%s))", "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
princname); princname);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory"); krb5_set_error_string(context, "asprintf: out of memory");
@@ -828,7 +850,7 @@ LDAP__lookup_princ(krb5_context context,
*msg = NULL; *msg = NULL;
rc = asprintf(&filter, rc = asprintf(&filter,
"(&(|(objectclass=sambaSamAccount)(objectclass=%s))(uid=%s))", "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
structural_object, userid); structural_object, userid);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory"); krb5_set_error_string(context, "asprintf: out of memory");