require search base to be configured, create local context structure

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13897 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2004-06-01 15:29:36 +00:00
parent 9cae5b83b4
commit fabc739054


@@ -48,12 +48,27 @@ static krb5_error_code
LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg, LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
hdb_entry * ent); hdb_entry * ent);
#define HDB2LDAP(db) ((LDAP *)(db)->hdb_db)
static const char *default_structural_object = "account"; static const char *default_structural_object = "account";
static char *structural_object; static char *structural_object;
static krb5_boolean samba_forwardable; static krb5_boolean samba_forwardable;
struct hdbldapdb {
LDAP *h_lp;
int h_msgid;
char *h_base;
#if 0
char *h_createbase;
#endif
};
#define HDB2LDAP(db) (((struct hdbldapdb *)(db)->hdb_db)->h_lp)
#define HDB2MSGID(db) (((struct hdbldapdb *)(db)->hdb_db)->h_msgid)
#define HDBSETMSGID(db,msgid) do { ((struct hdbldapdb *)(db)->hdb_db)->h_msgid = msgid; } while(0)
#define HDB2BASE(dn) (((struct hdbldapdb *)(db)->hdb_db)->h_base)
#if 0
#define HDB2CREATE(db) (((struct hdbldapdb *)(db)->hdb_db)->h_createbase)
#endif
/* /*
* *
*/ */
@@ -786,7 +801,7 @@ LDAP__lookup_princ(krb5_context context,
if (ret) if (ret)
goto out; goto out;
rc = ldap_search_s(HDB2LDAP(db), db->hdb_name, LDAP_SCOPE_SUBTREE, filter, rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter,
krb5kdcentry_attrs, 0, msg); krb5kdcentry_attrs, 0, msg);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_search_s: %s", krb5_set_error_string(context, "ldap_search_s: %s",
@@ -802,7 +817,7 @@ LDAP__lookup_princ(krb5_context context,
*msg = NULL; *msg = NULL;
rc = asprintf(&filter, rc = asprintf(&filter,
"(&(objectclass=account)(uid=%s))", "(&(objectclass=sambaSamAccount)(uid=%s))",
userid); userid);
if (rc < 0) { if (rc < 0) {
krb5_set_error_string(context, "asprintf: out of memory"); krb5_set_error_string(context, "asprintf: out of memory");
@@ -814,7 +829,7 @@ LDAP__lookup_princ(krb5_context context,
if (ret) if (ret)
goto out; goto out;
rc = ldap_search_s(HDB2LDAP(db), db->hdb_name, LDAP_SCOPE_SUBTREE, rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE,
filter, krb5kdcentry_attrs, 0, msg); filter, krb5kdcentry_attrs, 0, msg);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_search_s: %s", krb5_set_error_string(context, "ldap_search_s: %s",
@@ -1265,10 +1280,13 @@ LDAP_message2entry(krb5_context context, HDB * db, LDAPMessage * msg,
return ret; return ret;
} }
static krb5_error_code LDAP_close(krb5_context context, HDB * db) static krb5_error_code
LDAP_close(krb5_context context, HDB * db)
{ {
if (HDB2LDAP(db)) {
ldap_unbind_ext(HDB2LDAP(db), NULL, NULL); ldap_unbind_ext(HDB2LDAP(db), NULL, NULL);
db->hdb_db = NULL; ((struct hdbldapdb *)db->hdb_db)->h_lp = NULL;
}
return 0; return 0;
} }
@@ -1292,10 +1310,9 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
krb5_error_code ret; krb5_error_code ret;
LDAPMessage *e; LDAPMessage *e;
msgid = db->hdb_openp; /* BOGUS OVERLOADING */ msgid = HDB2MSGID(db);
if (msgid < 0) { if (msgid < 0)
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
}
do { do {
rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e); rc = ldap_result(HDB2LDAP(db), msgid, LDAP_MSG_ONE, NULL, &e);
@@ -1316,7 +1333,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
ldap_abandon(HDB2LDAP(db), msgid); ldap_abandon(HDB2LDAP(db), msgid);
} }
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
db->hdb_openp = -1; HDBSETMSGID(db, -1);
break; break;
case 0: case 0:
case -1: case -1:
@@ -1325,7 +1342,7 @@ LDAP_seq(krb5_context context, HDB * db, unsigned flags, hdb_entry * entry)
ldap_msgfree(e); ldap_msgfree(e);
ldap_abandon(HDB2LDAP(db), msgid); ldap_abandon(HDB2LDAP(db), msgid);
ret = HDB_ERR_NOENTRY; ret = HDB_ERR_NOENTRY;
db->hdb_openp = -1; HDBSETMSGID(db, -1);
break; break;
} }
} while (rc == LDAP_RES_SEARCH_REFERENCE); } while (rc == LDAP_RES_SEARCH_REFERENCE);
@@ -1356,14 +1373,13 @@ LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
if (ret) if (ret)
return ret; return ret;
msgid = ldap_search(HDB2LDAP(db), db->hdb_name, msgid = ldap_search(HDB2LDAP(db), HDB2BASE(db),
LDAP_SCOPE_SUBTREE, "(objectclass=krb5Principal)", LDAP_SCOPE_SUBTREE, "(objectclass=krb5Principal)",
krb5kdcentry_attrs, 0); krb5kdcentry_attrs, 0);
if (msgid < 0) { if (msgid < 0)
return HDB_ERR_NOENTRY; return HDB_ERR_NOENTRY;
}
db->hdb_openp = msgid; HDBSETMSGID(db, msgid);
return LDAP_seq(context, db, flags, entry); return LDAP_seq(context, db, flags, entry);
} }
@@ -1392,7 +1408,7 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
*/ */
struct berval bv = { 0, "" }; struct berval bv = { 0, "" };
if (db->hdb_db != NULL) { if (HDB2LDAP(db)) {
/* connection has been opened. ping server. */ /* connection has been opened. ping server. */
struct sockaddr_un addr; struct sockaddr_un addr;
socklen_t len = sizeof(addr); socklen_t len = sizeof(addr);
@@ -1405,7 +1421,7 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
} }
} }
if (db->hdb_db != NULL) { if (HDB2LDAP(db) != NULL) {
/* server is UP */ /* server is UP */
return 0; return 0;
} }
@@ -1422,8 +1438,7 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_set_option: %s", krb5_set_error_string(context, "ldap_set_option: %s",
ldap_err2string(rc)); ldap_err2string(rc));
ldap_unbind_ext(HDB2LDAP(db), NULL, NULL); LDAP_close(context, db);
db->hdb_db = NULL;
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
@@ -1432,8 +1447,7 @@ static krb5_error_code LDAP__connect(krb5_context context, HDB * db)
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
krb5_set_error_string(context, "ldap_sasl_bind_s: %s", krb5_set_error_string(context, "ldap_sasl_bind_s: %s",
ldap_err2string(rc)); ldap_err2string(rc));
ldap_unbind_ext(HDB2LDAP(db), NULL, NULL); LDAP_close(context, db);
db->hdb_db = NULL;
return HDB_ERR_BADVERSION; return HDB_ERR_BADVERSION;
} }
@@ -1525,14 +1539,7 @@ LDAP_store(krb5_context context, HDB * db, unsigned flags,
} }
if (e == NULL) { if (e == NULL) {
e = NULL; ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, HDB2BASE(db));
if (db->hdb_name != NULL) {
ret = asprintf(&dn, "krb5PrincipalName=%s,%s", name, db->hdb_name);
} else {
/* A bit bogus, but we don't have a search base */
ret = asprintf(&dn, "krb5PrincipalName=%s", name);
}
if (ret < 0) { if (ret < 0) {
krb5_set_error_string(context, "asprintf: out of memory"); krb5_set_error_string(context, "asprintf: out of memory");
ret = ENOMEM; ret = ENOMEM;
@@ -1642,14 +1649,19 @@ LDAP_remove(krb5_context context, HDB * db, hdb_entry * entry)
return ret; return ret;
} }
static krb5_error_code LDAP_destroy(krb5_context context, HDB * db) static krb5_error_code
LDAP_destroy(krb5_context context, HDB * db)
{ {
krb5_error_code ret; krb5_error_code ret;
LDAP_close(context, db);
ret = hdb_clear_master_key(context, db); ret = hdb_clear_master_key(context, db);
if (db->hdb_name != NULL) { if (HDB2BASE(db))
free(HDB2BASE(db));
if (db->hdb_name)
free(db->hdb_name); free(db->hdb_name);
} free(db->hdb_db);
free(db); free(db);
return ret; return ret;
@@ -1658,6 +1670,13 @@ static krb5_error_code LDAP_destroy(krb5_context context, HDB * db)
krb5_error_code krb5_error_code
hdb_ldap_create(krb5_context context, HDB ** db, const char *arg) hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
{ {
struct hdbldapdb *h;
if (arg == NULL && arg[0] == '\0') {
krb5_set_error_string(context, "ldap search base not configured");
return ENOMEM; /* XXX */
}
if (structural_object == NULL) { if (structural_object == NULL) {
const char *p; const char *p;
@@ -1683,26 +1702,26 @@ hdb_ldap_create(krb5_context context, HDB ** db, const char *arg)
} }
memset(*db, 0, sizeof(**db)); memset(*db, 0, sizeof(**db));
(*db)->hdb_db = NULL; h = malloc(sizeof(*h));
if (h == NULL) {
krb5_set_error_string(context, "malloc: out of memory");
free(*db);
*db = NULL;
return ENOMEM;
}
memset(h, 0, sizeof(*h));
if (arg == NULL || arg[0] == '\0') { asprintf(&(*db)->hdb_name, "ldap:%s", arg);
/*
* if no argument specified in the configuration file (*db)->hdb_db = h;
* then use NULL, which tells OpenLDAP to look in h->h_base = strdup(arg);
* the ldap.conf file. This doesn't work for if (h->h_base == NULL) {
* writing entries because we don't know where to
* put new principals.
*/
(*db)->hdb_name = NULL;
} else {
(*db)->hdb_name = strdup(arg);
if ((*db)->hdb_name == NULL) {
krb5_set_error_string(context, "strdup: out of memory"); krb5_set_error_string(context, "strdup: out of memory");
free(*db); free(*db);
*db = NULL; *db = NULL;
return ENOMEM; return ENOMEM;
} }
}
(*db)->hdb_master_key_set = 0; (*db)->hdb_master_key_set = 0;
(*db)->hdb_openp = 0; (*db)->hdb_openp = 0;
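Review bot: The new guard in hdb_ldap_create, `if (arg == NULL && arg[0] == '\0')`, can never reject an empty string and dereferences NULL when no base is configured at all; it should read `if (arg == NULL || arg[0] == '\0')`, the same `||` the removed code used. Because the check is ineffective, a missing or empty search base still reaches `strdup(arg)` and `asprintf(&(*db)->hdb_name, "ldap:%s", arg)` below, and the resulting `HDB2BASE(db)` is later used unchecked as the base for every ldap_search and as the suffix of the DN built in LDAP_store, which is exactly what the commit title says it wants to prevent. Returning ENOMEM for a configuration error (the `/* XXX */` admits it) will mislead callers into reporting out-of-memory; a configuration-level error code would be more honest. In the same function the `asprintf` that builds hdb_name is not checked, and when `strdup(arg)` fails only `*db` is freed, so `h` is leaked. The body of hdb_ldap_create continues past the end of this page, so the remaining cleanup paths were not reviewed.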