 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 * Copyright (c) 2004-2005, Novell, Inc.
 * All rights reserved.
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * * The copyright holder's name is not used to endorse or promote products
 * derived from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
/* We want the interfaces marked "deprecated" in OpenLDAP. */
/* Check for acceptable versions.
   OpenLDAP version 2.2.6 is known to have some kind of problem that
   is tickled by the use of multiple handles in this code. Version
   2.2.19 in Mac OS 10.4.7 seems to be buggy as well. Version 2.2.24
   doesn't have this problem. Other in-between versions have not been
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf# error This code triggers bugs in old OpenLDAP implementations. Please update to 2.2.24 or later.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#endif /* BUILD_WITH_BROKEN_LDAP */
/* Solaris Kerberos: need this define to get around sccs keyword expansion */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#if !defined(LDAP_OPT_RESULT_CODE) && defined(LDAP_OPT_ERROR_NUMBER)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define SETUP_CONTEXT() if (context == NULL || context->db_context == NULL \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf || ((kdb5_dal_handle *)context->db_context)->db_context == NULL) { \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf dal_handle = (kdb5_dal_handle *)context->db_context; \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ldap_context = (krb5_ldap_context *) dal_handle->db_context; \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (ldap_context == NULL || ldap_context->server_info_list == NULL) \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (st != 0) { \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
/*
 * Error-reporting helpers shared by the LDAP backend; the definitions live
 * elsewhere in the plugin.
 *
 * set_ldap_error: records LDAP result code `st` for operation `op` in `ctx`
 *   and returns the krb5 error code to propagate (LDAP_SEARCH_1 assigns its
 *   return value back to `st`).
 * prepend_err_str: presumably prefixes the message stored for `err` in `ctx`
 *   with `s`, with `oerr` as the underlying code; SETUP_CONTEXT and
 *   LDAP_SEARCH_1 call it with "LDAP handle unavailable: " — confirm against
 *   the definition.
 */
int set_ldap_error(krb5_context ctx, int st, int op);
void prepend_err_str(krb5_context ctx, const char *s, krb5_error_code err,
                     krb5_error_code oerr);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define LDAP_SEARCH(base, scope, filter, attrs) LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check) \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tempst != 0) { \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
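/*
 * Unmarshal a 16-/32-bit integer at `ptr` into `val` via the load_16_be /
 * load_32_be helpers (the `_be` suffix suggests big-endian wire order —
 * confirm against their definitions).  Both macro arguments are
 * parenthesized (CERT PRE01-C) so callers may pass expressions such as
 * `buf + off` without precedence surprises.
 */
#define UNSTORE16_INT(ptr, val) ((val) = load_16_be((ptr)))
#define UNSTORE32_INT(ptr, val) ((val) = load_32_be((ptr)))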
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#define CHECK_LDAP_HANDLE(lcontext) if (!(ldap_context \
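/*
 * Acquire/release the `hndl_lock` mutex embedded in an LDAP context through
 * the krb5 mutex wrappers k5_mutex_lock/k5_mutex_unlock (declared elsewhere).
 * NOTE(review): presumably this guards the per-context server-handle pool
 * used by krb5_ldap_request_handle_from_pool — confirm.  The argument is
 * parenthesized so that an expression argument (e.g. `dal->db_context`)
 * binds correctly under `->`; the unparenthesized form would silently
 * mis-parse such callers.
 */
#define HNDL_LOCK(lcontext)   k5_mutex_lock(&(lcontext)->hndl_lock)
#define HNDL_UNLOCK(lcontext) k5_mutex_unlock(&(lcontext)->hndl_lock)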
/* To be used later */
/* ldap server info structure */
/* Role of a configured LDAP server; enumerator values are explicit so the
 * on-the-wire/config encoding cannot drift if entries are reordered. */
typedef enum _server_type {
    PRIMARY   = 0,
    SECONDARY = 1
} krb5_ldap_server_type;

/* Availability state of a server.  NOTE(review): NOTSET presumably means
 * "not yet probed" — confirm against the code that assigns it. */
typedef enum _server_status {
    OFF    = 0,
    ON     = 1,
    NOTSET = 2
} krb5_ldap_server_status;

/* Forward declaration; the struct body is presumably defined later in this
 * header (only the tag is needed here). */
typedef struct _krb5_ldap_server_info krb5_ldap_server_info;

/* ldap server structure */

/* Which kind of service DN a binding refers to (server- vs client-side). */
typedef enum {
    SERVICE_DN_TYPE_SERVER = 0,
    SERVICE_DN_TYPE_CLIENT = 1
} krb5_ldap_servicetype;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_context kcontext; /* to set the error code and message */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillftypedef struct {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
/* misc functions */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_rebind(krb5_ldap_context *, krb5_ldap_server_handle **);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_alloc( krb5_context kcontext, void *ptr, size_t size );
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
/* DAL functions */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_free_supported_realms( krb5_context, char ** );
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfconst char *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_release_errcode_string (krb5_context, const char *);
/* Solaris Kerberos: added a use_SSL parameter */