|
Lines 1-7
Link Here
|
| 1 |
/* |
1 |
/* |
| 2 |
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. |
2 |
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. |
| 3 |
* Copyright (c) 2004, Andrew Bartlett. |
3 |
* Copyright (c) 2004, Andrew Bartlett. |
| 4 |
* Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan. |
4 |
* Copyright (c) 2003 - 2008, Kungliga Tekniska Högskolan. |
| 5 |
* All rights reserved. |
5 |
* All rights reserved. |
| 6 |
* |
6 |
* |
| 7 |
* Redistribution and use in source and binary forms, with or without |
7 |
* Redistribution and use in source and binary forms, with or without |
|
Lines 34-40
Link Here
|
| 34 |
|
34 |
|
| 35 |
#include "hdb_locl.h" |
35 |
#include "hdb_locl.h" |
| 36 |
|
36 |
|
| 37 |
RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $"); |
37 |
RCSID("$Id: hdb-ldap.c 22588 2008-02-11 21:46:45Z lha $"); |
| 38 |
|
38 |
|
| 39 |
#ifdef OPENLDAP |
39 |
#ifdef OPENLDAP |
| 40 |
|
40 |
|
|
Lines 307-344
Link Here
|
| 307 |
LDAP_get_string_value(HDB * db, LDAPMessage * entry, |
307 |
LDAP_get_string_value(HDB * db, LDAPMessage * entry, |
| 308 |
const char *attribute, char **ptr) |
308 |
const char *attribute, char **ptr) |
| 309 |
{ |
309 |
{ |
| 310 |
char **vals; |
310 |
struct berval **vals; |
| 311 |
int ret; |
|
|
| 312 |
|
311 |
|
| 313 |
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); |
312 |
vals = ldap_get_values_len(HDB2LDAP(db), entry, attribute); |
| 314 |
if (vals == NULL) { |
313 |
if (vals == NULL || vals[0] == NULL) { |
| 315 |
*ptr = NULL; |
314 |
*ptr = NULL; |
| 316 |
return HDB_ERR_NOENTRY; |
315 |
return HDB_ERR_NOENTRY; |
| 317 |
} |
316 |
} |
| 318 |
|
317 |
|
| 319 |
*ptr = strdup(vals[0]); |
318 |
*ptr = malloc(vals[0]->bv_len + 1); |
| 320 |
if (*ptr == NULL) |
319 |
if (*ptr == NULL) { |
| 321 |
ret = ENOMEM; |
320 |
ldap_value_free_len(vals); |
| 322 |
else |
321 |
return ENOMEM; |
| 323 |
ret = 0; |
322 |
} |
| 324 |
|
323 |
|
| 325 |
ldap_value_free(vals); |
324 |
memcpy(*ptr, vals[0]->bv_val, vals[0]->bv_len); |
|
|
325 |
(*ptr)[vals[0]->bv_len] = 0; |
| 326 |
|
326 |
|
| 327 |
return ret; |
327 |
ldap_value_free_len(vals); |
|
|
328 |
|
| 329 |
return 0; |
| 328 |
} |
330 |
} |
| 329 |
|
331 |
|
| 330 |
static krb5_error_code |
332 |
static krb5_error_code |
| 331 |
LDAP_get_integer_value(HDB * db, LDAPMessage * entry, |
333 |
LDAP_get_integer_value(HDB * db, LDAPMessage * entry, |
| 332 |
const char *attribute, int *ptr) |
334 |
const char *attribute, int *ptr) |
| 333 |
{ |
335 |
{ |
| 334 |
char **vals; |
336 |
krb5_error_code ret; |
| 335 |
|
337 |
char *val; |
| 336 |
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); |
|
|
| 337 |
if (vals == NULL) |
| 338 |
return HDB_ERR_NOENTRY; |
| 339 |
|
338 |
|
| 340 |
*ptr = atoi(vals[0]); |
339 |
ret = LDAP_get_string_value(db, entry, attribute, &val); |
| 341 |
ldap_value_free(vals); |
340 |
if (ret) |
|
|
341 |
return ret; |
| 342 |
*ptr = atoi(val); |
| 343 |
free(val); |
| 342 |
return 0; |
344 |
return 0; |
| 343 |
} |
345 |
} |
| 344 |
|
346 |
|
|
Lines 369-374
Link Here
|
| 369 |
return 0; |
371 |
return 0; |
| 370 |
} |
372 |
} |
| 371 |
|
373 |
|
|
|
374 |
static int |
| 375 |
bervalstrcmp(struct berval *v, const char *str) |
| 376 |
{ |
| 377 |
size_t len = strlen(str); |
| 378 |
return (v->bv_len == len) && strncasecmp(str, (char *)v->bv_val, len) == 0; |
| 379 |
} |
| 380 |
|
| 381 |
|
| 372 |
static krb5_error_code |
382 |
static krb5_error_code |
| 373 |
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, |
383 |
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, |
| 374 |
LDAPMessage * msg, LDAPMod *** pmods) |
384 |
LDAPMessage * msg, LDAPMod *** pmods) |
|
Lines 386-392
Link Here
|
| 386 |
krb5_boolean is_heimdal_entry = FALSE; |
396 |
krb5_boolean is_heimdal_entry = FALSE; |
| 387 |
krb5_boolean is_heimdal_principal = FALSE; |
397 |
krb5_boolean is_heimdal_principal = FALSE; |
| 388 |
|
398 |
|
| 389 |
char **values; |
399 |
struct berval **vals; |
| 390 |
|
400 |
|
| 391 |
*pmods = NULL; |
401 |
*pmods = NULL; |
| 392 |
|
402 |
|
|
Lines 398-418
Link Here
|
| 398 |
|
408 |
|
| 399 |
is_new_entry = FALSE; |
409 |
is_new_entry = FALSE; |
| 400 |
|
410 |
|
| 401 |
values = ldap_get_values(HDB2LDAP(db), msg, "objectClass"); |
411 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "objectClass"); |
| 402 |
if (values) { |
412 |
if (vals) { |
| 403 |
int num_objectclasses = ldap_count_values(values); |
413 |
int num_objectclasses = ldap_count_values_len(vals); |
| 404 |
for (i=0; i < num_objectclasses; i++) { |
414 |
for (i=0; i < num_objectclasses; i++) { |
| 405 |
if (strcasecmp(values[i], "sambaSamAccount") == 0) { |
415 |
if (bervalstrcmp(vals[i], "sambaSamAccount")) |
| 406 |
is_samba_account = TRUE; |
416 |
is_samba_account = TRUE; |
| 407 |
} else if (strcasecmp(values[i], structural_object) == 0) { |
417 |
else if (bervalstrcmp(vals[i], structural_object)) |
| 408 |
is_account = TRUE; |
418 |
is_account = TRUE; |
| 409 |
} else if (strcasecmp(values[i], "krb5Principal") == 0) { |
419 |
else if (bervalstrcmp(vals[i], "krb5Principal")) |
| 410 |
is_heimdal_principal = TRUE; |
420 |
is_heimdal_principal = TRUE; |
| 411 |
} else if (strcasecmp(values[i], "krb5KDCEntry") == 0) { |
421 |
else if (bervalstrcmp(vals[i], "krb5KDCEntry")) |
| 412 |
is_heimdal_entry = TRUE; |
422 |
is_heimdal_entry = TRUE; |
| 413 |
} |
|
|
| 414 |
} |
423 |
} |
| 415 |
ldap_value_free(values); |
424 |
ldap_value_free_len(vals); |
| 416 |
} |
425 |
} |
| 417 |
|
426 |
|
| 418 |
/* |
427 |
/* |
|
Lines 602-610
Link Here
|
| 602 |
|
611 |
|
| 603 |
/* Remove keys if they exists, and then replace keys. */ |
612 |
/* Remove keys if they exists, and then replace keys. */ |
| 604 |
if (!is_new_entry && orig.entry.keys.len > 0) { |
613 |
if (!is_new_entry && orig.entry.keys.len > 0) { |
| 605 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key"); |
614 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key"); |
| 606 |
if (values) { |
615 |
if (vals) { |
| 607 |
ldap_value_free(values); |
616 |
ldap_value_free_len(vals); |
| 608 |
|
617 |
|
| 609 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); |
618 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); |
| 610 |
if (ret) |
619 |
if (ret) |
|
Lines 641-649
Link Here
|
| 641 |
goto out; |
650 |
goto out; |
| 642 |
|
651 |
|
| 643 |
/* have to kill the LM passwod if it exists */ |
652 |
/* have to kill the LM passwod if it exists */ |
| 644 |
values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword"); |
653 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword"); |
| 645 |
if (values) { |
654 |
if (vals) { |
| 646 |
ldap_value_free(values); |
655 |
ldap_value_free_len(vals); |
| 647 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, |
656 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, |
| 648 |
"sambaLMPassword", NULL); |
657 |
"sambaLMPassword", NULL); |
| 649 |
if (ret) |
658 |
if (ret) |
|
Lines 676-684
Link Here
|
| 676 |
*/ |
685 |
*/ |
| 677 |
|
686 |
|
| 678 |
if (!is_new_entry) { |
687 |
if (!is_new_entry) { |
| 679 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); |
688 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); |
| 680 |
if (values) { |
689 |
if (vals) { |
| 681 |
ldap_value_free(values); |
690 |
ldap_value_free_len(vals); |
| 682 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", |
691 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", |
| 683 |
NULL); |
692 |
NULL); |
| 684 |
if (ret) |
693 |
if (ret) |
|
Lines 730-737
Link Here
|
| 730 |
krb5_error_code ret; |
739 |
krb5_error_code ret; |
| 731 |
int rc; |
740 |
int rc; |
| 732 |
const char *filter = "(objectClass=krb5Principal)"; |
741 |
const char *filter = "(objectClass=krb5Principal)"; |
| 733 |
char **values; |
|
|
| 734 |
LDAPMessage *res = NULL, *e; |
742 |
LDAPMessage *res = NULL, *e; |
|
|
743 |
char *p; |
| 735 |
|
744 |
|
| 736 |
ret = LDAP_no_size_limit(context, HDB2LDAP(db)); |
745 |
ret = LDAP_no_size_limit(context, HDB2LDAP(db)); |
| 737 |
if (ret) |
746 |
if (ret) |
|
Lines 753-766
Link Here
|
| 753 |
goto out; |
762 |
goto out; |
| 754 |
} |
763 |
} |
| 755 |
|
764 |
|
| 756 |
values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName"); |
765 |
ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p); |
| 757 |
if (values == NULL) { |
766 |
if (ret) { |
| 758 |
ret = HDB_ERR_NOENTRY; |
767 |
ret = HDB_ERR_NOENTRY; |
| 759 |
goto out; |
768 |
goto out; |
| 760 |
} |
769 |
} |
| 761 |
|
770 |
|
| 762 |
ret = krb5_parse_name(context, values[0], principal); |
771 |
ret = krb5_parse_name(context, p, principal); |
| 763 |
ldap_value_free(values); |
772 |
free(p); |
| 764 |
|
773 |
|
| 765 |
out: |
774 |
out: |
| 766 |
if (res) |
775 |
if (res) |
|
Lines 893-902
Link Here
|
| 893 |
{ |
902 |
{ |
| 894 |
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; |
903 |
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; |
| 895 |
char *samba_acct_flags = NULL; |
904 |
char *samba_acct_flags = NULL; |
| 896 |
unsigned long tmp; |
|
|
| 897 |
struct berval **keys; |
905 |
struct berval **keys; |
| 898 |
char **values; |
906 |
struct berval **vals; |
| 899 |
int tmp_time, i, ret, have_arcfour = 0; |
907 |
int tmp, tmp_time, i, ret, have_arcfour = 0; |
| 900 |
|
908 |
|
| 901 |
memset(ent, 0, sizeof(*ent)); |
909 |
memset(ent, 0, sizeof(*ent)); |
| 902 |
ent->entry.flags = int2HDBFlags(0); |
910 |
ent->entry.flags = int2HDBFlags(0); |
|
Lines 962-969
Link Here
|
| 962 |
#endif |
970 |
#endif |
| 963 |
} |
971 |
} |
| 964 |
|
972 |
|
| 965 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); |
973 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); |
| 966 |
if (values != NULL) { |
974 |
if (vals != NULL) { |
| 967 |
int i; |
975 |
int i; |
| 968 |
|
976 |
|
| 969 |
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); |
977 |
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); |
|
Lines 972-988
Link Here
|
| 972 |
ret = ENOMEM; |
980 |
ret = ENOMEM; |
| 973 |
goto out; |
981 |
goto out; |
| 974 |
} |
982 |
} |
| 975 |
ent->entry.etypes->len = ldap_count_values(values); |
983 |
ent->entry.etypes->len = ldap_count_values_len(vals); |
| 976 |
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); |
984 |
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); |
| 977 |
if (ent->entry.etypes->val == NULL) { |
985 |
if (ent->entry.etypes->val == NULL) { |
| 978 |
krb5_set_error_string(context, "malloc: out of memory"); |
986 |
krb5_set_error_string(context, "malloc: out of memory"); |
|
|
987 |
ent->entry.etypes->len = 0; |
| 979 |
ret = ENOMEM; |
988 |
ret = ENOMEM; |
| 980 |
goto out; |
989 |
goto out; |
| 981 |
} |
990 |
} |
| 982 |
for (i = 0; i < ent->entry.etypes->len; i++) { |
991 |
for (i = 0; i < ent->entry.etypes->len; i++) { |
| 983 |
ent->entry.etypes->val[i] = atoi(values[i]); |
992 |
char *buf; |
|
|
993 |
|
| 994 |
buf = malloc(vals[i]->bv_len + 1); |
| 995 |
if (buf == NULL) { |
| 996 |
krb5_set_error_string(context, "malloc: out of memory"); |
| 997 |
ret = ENOMEM; |
| 998 |
goto out; |
| 999 |
} |
| 1000 |
memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); |
| 1001 |
buf[vals[i]->bv_len] = '\0'; |
| 1002 |
ent->entry.etypes->val[i] = atoi(buf); |
| 1003 |
free(buf); |
| 984 |
} |
1004 |
} |
| 985 |
ldap_value_free(values); |
1005 |
ldap_value_free_len(vals); |
| 986 |
} |
1006 |
} |
| 987 |
|
1007 |
|
| 988 |
for (i = 0; i < ent->entry.keys.len; i++) { |
1008 |
for (i = 0; i < ent->entry.keys.len; i++) { |
|
Lines 1193-1210
Link Here
|
| 1193 |
*ent->entry.max_renew = max_renew; |
1213 |
*ent->entry.max_renew = max_renew; |
| 1194 |
} |
1214 |
} |
| 1195 |
|
1215 |
|
| 1196 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags"); |
1216 |
ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp); |
| 1197 |
if (values != NULL) { |
1217 |
if (ret) |
| 1198 |
errno = 0; |
|
|
| 1199 |
tmp = strtoul(values[0], (char **) NULL, 10); |
| 1200 |
if (tmp == ULONG_MAX && errno == ERANGE) { |
| 1201 |
krb5_set_error_string(context, "strtoul: could not convert flag"); |
| 1202 |
ret = ERANGE; |
| 1203 |
goto out; |
| 1204 |
} |
| 1205 |
} else { |
| 1206 |
tmp = 0; |
1218 |
tmp = 0; |
| 1207 |
} |
|
|
| 1208 |
|
1219 |
|
| 1209 |
ent->entry.flags = int2HDBFlags(tmp); |
1220 |
ent->entry.flags = int2HDBFlags(tmp); |
| 1210 |
|
1221 |
|
