Lines 1-7
Link Here
|
1 |
/* |
1 |
/* |
2 |
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. |
2 |
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. |
3 |
* Copyright (c) 2004, Andrew Bartlett. |
3 |
* Copyright (c) 2004, Andrew Bartlett. |
4 |
* Copyright (c) 2003 - 2007, Kungliga Tekniska Högskolan. |
4 |
* Copyright (c) 2003 - 2008, Kungliga Tekniska Högskolan. |
5 |
* All rights reserved. |
5 |
* All rights reserved. |
6 |
* |
6 |
* |
7 |
* Redistribution and use in source and binary forms, with or without |
7 |
* Redistribution and use in source and binary forms, with or without |
Lines 34-40
Link Here
|
34 |
|
34 |
|
35 |
#include "hdb_locl.h" |
35 |
#include "hdb_locl.h" |
36 |
|
36 |
|
37 |
RCSID("$Id: hdb-ldap.c 22071 2007-11-14 20:04:50Z lha $"); |
37 |
RCSID("$Id: hdb-ldap.c 22588 2008-02-11 21:46:45Z lha $"); |
38 |
|
38 |
|
39 |
#ifdef OPENLDAP |
39 |
#ifdef OPENLDAP |
40 |
|
40 |
|
Lines 307-344
Link Here
|
307 |
LDAP_get_string_value(HDB * db, LDAPMessage * entry, |
307 |
LDAP_get_string_value(HDB * db, LDAPMessage * entry, |
308 |
const char *attribute, char **ptr) |
308 |
const char *attribute, char **ptr) |
309 |
{ |
309 |
{ |
310 |
char **vals; |
310 |
struct berval **vals; |
311 |
int ret; |
|
|
312 |
|
311 |
|
313 |
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); |
312 |
vals = ldap_get_values_len(HDB2LDAP(db), entry, attribute); |
314 |
if (vals == NULL) { |
313 |
if (vals == NULL || vals[0] == NULL) { |
315 |
*ptr = NULL; |
314 |
*ptr = NULL; |
316 |
return HDB_ERR_NOENTRY; |
315 |
return HDB_ERR_NOENTRY; |
317 |
} |
316 |
} |
318 |
|
317 |
|
319 |
*ptr = strdup(vals[0]); |
318 |
*ptr = malloc(vals[0]->bv_len + 1); |
320 |
if (*ptr == NULL) |
319 |
if (*ptr == NULL) { |
321 |
ret = ENOMEM; |
320 |
ldap_value_free_len(vals); |
322 |
else |
321 |
return ENOMEM; |
323 |
ret = 0; |
322 |
} |
324 |
|
323 |
|
325 |
ldap_value_free(vals); |
324 |
memcpy(*ptr, vals[0]->bv_val, vals[0]->bv_len); |
|
|
325 |
(*ptr)[vals[0]->bv_len] = 0; |
326 |
|
326 |
|
327 |
return ret; |
327 |
ldap_value_free_len(vals); |
|
|
328 |
|
329 |
return 0; |
328 |
} |
330 |
} |
329 |
|
331 |
|
330 |
static krb5_error_code |
332 |
static krb5_error_code |
331 |
LDAP_get_integer_value(HDB * db, LDAPMessage * entry, |
333 |
LDAP_get_integer_value(HDB * db, LDAPMessage * entry, |
332 |
const char *attribute, int *ptr) |
334 |
const char *attribute, int *ptr) |
333 |
{ |
335 |
{ |
334 |
char **vals; |
336 |
krb5_error_code ret; |
335 |
|
337 |
char *val; |
336 |
vals = ldap_get_values(HDB2LDAP(db), entry, (char *) attribute); |
|
|
337 |
if (vals == NULL) |
338 |
return HDB_ERR_NOENTRY; |
339 |
|
338 |
|
340 |
*ptr = atoi(vals[0]); |
339 |
ret = LDAP_get_string_value(db, entry, attribute, &val); |
341 |
ldap_value_free(vals); |
340 |
if (ret) |
|
|
341 |
return ret; |
342 |
*ptr = atoi(val); |
343 |
free(val); |
342 |
return 0; |
344 |
return 0; |
343 |
} |
345 |
} |
344 |
|
346 |
|
Lines 369-374
Link Here
|
369 |
return 0; |
371 |
return 0; |
370 |
} |
372 |
} |
371 |
|
373 |
|
|
|
374 |
static int |
375 |
bervalstrcmp(struct berval *v, const char *str) |
376 |
{ |
377 |
size_t len = strlen(str); |
378 |
return (v->bv_len == len) && strncasecmp(str, (char *)v->bv_val, len) == 0; |
379 |
} |
380 |
|
381 |
|
372 |
static krb5_error_code |
382 |
static krb5_error_code |
373 |
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, |
383 |
LDAP_entry2mods(krb5_context context, HDB * db, hdb_entry_ex * ent, |
374 |
LDAPMessage * msg, LDAPMod *** pmods) |
384 |
LDAPMessage * msg, LDAPMod *** pmods) |
Lines 386-392
Link Here
|
386 |
krb5_boolean is_heimdal_entry = FALSE; |
396 |
krb5_boolean is_heimdal_entry = FALSE; |
387 |
krb5_boolean is_heimdal_principal = FALSE; |
397 |
krb5_boolean is_heimdal_principal = FALSE; |
388 |
|
398 |
|
389 |
char **values; |
399 |
struct berval **vals; |
390 |
|
400 |
|
391 |
*pmods = NULL; |
401 |
*pmods = NULL; |
392 |
|
402 |
|
Lines 398-418
Link Here
|
398 |
|
408 |
|
399 |
is_new_entry = FALSE; |
409 |
is_new_entry = FALSE; |
400 |
|
410 |
|
401 |
values = ldap_get_values(HDB2LDAP(db), msg, "objectClass"); |
411 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "objectClass"); |
402 |
if (values) { |
412 |
if (vals) { |
403 |
int num_objectclasses = ldap_count_values(values); |
413 |
int num_objectclasses = ldap_count_values_len(vals); |
404 |
for (i=0; i < num_objectclasses; i++) { |
414 |
for (i=0; i < num_objectclasses; i++) { |
405 |
if (strcasecmp(values[i], "sambaSamAccount") == 0) { |
415 |
if (bervalstrcmp(vals[i], "sambaSamAccount")) |
406 |
is_samba_account = TRUE; |
416 |
is_samba_account = TRUE; |
407 |
} else if (strcasecmp(values[i], structural_object) == 0) { |
417 |
else if (bervalstrcmp(vals[i], structural_object)) |
408 |
is_account = TRUE; |
418 |
is_account = TRUE; |
409 |
} else if (strcasecmp(values[i], "krb5Principal") == 0) { |
419 |
else if (bervalstrcmp(vals[i], "krb5Principal")) |
410 |
is_heimdal_principal = TRUE; |
420 |
is_heimdal_principal = TRUE; |
411 |
} else if (strcasecmp(values[i], "krb5KDCEntry") == 0) { |
421 |
else if (bervalstrcmp(vals[i], "krb5KDCEntry")) |
412 |
is_heimdal_entry = TRUE; |
422 |
is_heimdal_entry = TRUE; |
413 |
} |
|
|
414 |
} |
423 |
} |
415 |
ldap_value_free(values); |
424 |
ldap_value_free_len(vals); |
416 |
} |
425 |
} |
417 |
|
426 |
|
418 |
/* |
427 |
/* |
Lines 602-610
Link Here
|
602 |
|
611 |
|
603 |
/* Remove keys if they exists, and then replace keys. */ |
612 |
/* Remove keys if they exists, and then replace keys. */ |
604 |
if (!is_new_entry && orig.entry.keys.len > 0) { |
613 |
if (!is_new_entry && orig.entry.keys.len > 0) { |
605 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5Key"); |
614 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5Key"); |
606 |
if (values) { |
615 |
if (vals) { |
607 |
ldap_value_free(values); |
616 |
ldap_value_free_len(vals); |
608 |
|
617 |
|
609 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); |
618 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5Key", NULL); |
610 |
if (ret) |
619 |
if (ret) |
Lines 641-649
Link Here
|
641 |
goto out; |
650 |
goto out; |
642 |
|
651 |
|
643 |
/* have to kill the LM passwod if it exists */ |
652 |
/* have to kill the LM passwod if it exists */ |
644 |
values = ldap_get_values(HDB2LDAP(db), msg, "sambaLMPassword"); |
653 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "sambaLMPassword"); |
645 |
if (values) { |
654 |
if (vals) { |
646 |
ldap_value_free(values); |
655 |
ldap_value_free_len(vals); |
647 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, |
656 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, |
648 |
"sambaLMPassword", NULL); |
657 |
"sambaLMPassword", NULL); |
649 |
if (ret) |
658 |
if (ret) |
Lines 676-684
Link Here
|
676 |
*/ |
685 |
*/ |
677 |
|
686 |
|
678 |
if (!is_new_entry) { |
687 |
if (!is_new_entry) { |
679 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); |
688 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); |
680 |
if (values) { |
689 |
if (vals) { |
681 |
ldap_value_free(values); |
690 |
ldap_value_free_len(vals); |
682 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", |
691 |
ret = LDAP_addmod(&mods, LDAP_MOD_DELETE, "krb5EncryptionType", |
683 |
NULL); |
692 |
NULL); |
684 |
if (ret) |
693 |
if (ret) |
Lines 730-737
Link Here
|
730 |
krb5_error_code ret; |
739 |
krb5_error_code ret; |
731 |
int rc; |
740 |
int rc; |
732 |
const char *filter = "(objectClass=krb5Principal)"; |
741 |
const char *filter = "(objectClass=krb5Principal)"; |
733 |
char **values; |
|
|
734 |
LDAPMessage *res = NULL, *e; |
742 |
LDAPMessage *res = NULL, *e; |
|
|
743 |
char *p; |
735 |
|
744 |
|
736 |
ret = LDAP_no_size_limit(context, HDB2LDAP(db)); |
745 |
ret = LDAP_no_size_limit(context, HDB2LDAP(db)); |
737 |
if (ret) |
746 |
if (ret) |
Lines 753-766
Link Here
|
753 |
goto out; |
762 |
goto out; |
754 |
} |
763 |
} |
755 |
|
764 |
|
756 |
values = ldap_get_values(HDB2LDAP(db), e, "krb5PrincipalName"); |
765 |
ret = LDAP_get_string_value(db, e, "krb5PrincipalName", &p); |
757 |
if (values == NULL) { |
766 |
if (ret) { |
758 |
ret = HDB_ERR_NOENTRY; |
767 |
ret = HDB_ERR_NOENTRY; |
759 |
goto out; |
768 |
goto out; |
760 |
} |
769 |
} |
761 |
|
770 |
|
762 |
ret = krb5_parse_name(context, values[0], principal); |
771 |
ret = krb5_parse_name(context, p, principal); |
763 |
ldap_value_free(values); |
772 |
free(p); |
764 |
|
773 |
|
765 |
out: |
774 |
out: |
766 |
if (res) |
775 |
if (res) |
Lines 893-902
Link Here
|
893 |
{ |
902 |
{ |
894 |
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; |
903 |
char *unparsed_name = NULL, *dn = NULL, *ntPasswordIN = NULL; |
895 |
char *samba_acct_flags = NULL; |
904 |
char *samba_acct_flags = NULL; |
896 |
unsigned long tmp; |
|
|
897 |
struct berval **keys; |
905 |
struct berval **keys; |
898 |
char **values; |
906 |
struct berval **vals; |
899 |
int tmp_time, i, ret, have_arcfour = 0; |
907 |
int tmp, tmp_time, i, ret, have_arcfour = 0; |
900 |
|
908 |
|
901 |
memset(ent, 0, sizeof(*ent)); |
909 |
memset(ent, 0, sizeof(*ent)); |
902 |
ent->entry.flags = int2HDBFlags(0); |
910 |
ent->entry.flags = int2HDBFlags(0); |
Lines 962-969
Link Here
|
962 |
#endif |
970 |
#endif |
963 |
} |
971 |
} |
964 |
|
972 |
|
965 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5EncryptionType"); |
973 |
vals = ldap_get_values_len(HDB2LDAP(db), msg, "krb5EncryptionType"); |
966 |
if (values != NULL) { |
974 |
if (vals != NULL) { |
967 |
int i; |
975 |
int i; |
968 |
|
976 |
|
969 |
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); |
977 |
ent->entry.etypes = malloc(sizeof(*(ent->entry.etypes))); |
Lines 972-988
Link Here
|
972 |
ret = ENOMEM; |
980 |
ret = ENOMEM; |
973 |
goto out; |
981 |
goto out; |
974 |
} |
982 |
} |
975 |
ent->entry.etypes->len = ldap_count_values(values); |
983 |
ent->entry.etypes->len = ldap_count_values_len(vals); |
976 |
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); |
984 |
ent->entry.etypes->val = calloc(ent->entry.etypes->len, sizeof(int)); |
977 |
if (ent->entry.etypes->val == NULL) { |
985 |
if (ent->entry.etypes->val == NULL) { |
978 |
krb5_set_error_string(context, "malloc: out of memory"); |
986 |
krb5_set_error_string(context, "malloc: out of memory"); |
|
|
987 |
ent->entry.etypes->len = 0; |
979 |
ret = ENOMEM; |
988 |
ret = ENOMEM; |
980 |
goto out; |
989 |
goto out; |
981 |
} |
990 |
} |
982 |
for (i = 0; i < ent->entry.etypes->len; i++) { |
991 |
for (i = 0; i < ent->entry.etypes->len; i++) { |
983 |
ent->entry.etypes->val[i] = atoi(values[i]); |
992 |
char *buf; |
|
|
993 |
|
994 |
buf = malloc(vals[i]->bv_len + 1); |
995 |
if (buf == NULL) { |
996 |
krb5_set_error_string(context, "malloc: out of memory"); |
997 |
ret = ENOMEM; |
998 |
goto out; |
999 |
} |
1000 |
memcpy(buf, vals[i]->bv_val, vals[i]->bv_len); |
1001 |
buf[vals[i]->bv_len] = '\0'; |
1002 |
ent->entry.etypes->val[i] = atoi(buf); |
1003 |
free(buf); |
984 |
} |
1004 |
} |
985 |
ldap_value_free(values); |
1005 |
ldap_value_free_len(vals); |
986 |
} |
1006 |
} |
987 |
|
1007 |
|
988 |
for (i = 0; i < ent->entry.keys.len; i++) { |
1008 |
for (i = 0; i < ent->entry.keys.len; i++) { |
Lines 1193-1210
Link Here
|
1193 |
*ent->entry.max_renew = max_renew; |
1213 |
*ent->entry.max_renew = max_renew; |
1194 |
} |
1214 |
} |
1195 |
|
1215 |
|
1196 |
values = ldap_get_values(HDB2LDAP(db), msg, "krb5KDCFlags"); |
1216 |
ret = LDAP_get_integer_value(db, msg, "krb5KDCFlags", &tmp); |
1197 |
if (values != NULL) { |
1217 |
if (ret) |
1198 |
errno = 0; |
|
|
1199 |
tmp = strtoul(values[0], (char **) NULL, 10); |
1200 |
if (tmp == ULONG_MAX && errno == ERANGE) { |
1201 |
krb5_set_error_string(context, "strtoul: could not convert flag"); |
1202 |
ret = ERANGE; |
1203 |
goto out; |
1204 |
} |
1205 |
} else { |
1206 |
tmp = 0; |
1218 |
tmp = 0; |
1207 |
} |
|
|
1208 |
|
1219 |
|
1209 |
ent->entry.flags = int2HDBFlags(tmp); |
1220 |
ent->entry.flags = int2HDBFlags(tmp); |
1210 |
|
1221 |
|