kdb_ldap_conn.c revision 7c64d3750da7fda7e450b8f9b0b963905ded6379
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * Use is subject to license terms.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey#pragma ident "%Z%%M% %I% %E% SMI"
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * Copyright (c) 2004-2005, Novell, Inc.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * All rights reserved.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * Redistribution and use in source and binary forms, with or without
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * modification, are permitted provided that the following conditions are met:
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * * Redistributions of source code must retain the above copyright notice,
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * this list of conditions and the following disclaimer.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * * Redistributions in binary form must reproduce the above copyright
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * notice, this list of conditions and the following disclaimer in the
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * documentation and/or other materials provided with the distribution.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * * The copyright holder's name is not used to endorse or promote products
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * derived from this software without specific prior written permission.
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey * POSSIBILITY OF SUCH DAMAGE.
/*
 * krb5_validate_ldap_context: checks that the LDAP context holds the
 * settings needed to bind to the directory, and returns st.
 *
 * Only some statements of the function appear in this annotated listing;
 * the lines between them (conditions, braces, assignments to st) appear to
 * be elided, so the notes below cover the visible statements only.
 *
 * Visible behaviour:
 *  - sets the error "LDAP bind dn value missing" (its condition is not shown);
 *  - reports "LDAP bind password value missing" when both bind_pwd and
 *    service_password_file are NULL;
 *  - reads the password through krb5_ldap_readpassword() and prefixes a
 *    failure with "Error reading password from stash: ";
 *  - rejects a bind_pwd whose length is zero.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Baileykrb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context)
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste /* Solaris Kerberos: Keep error messages consistent */
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste krb5_set_error_message(context, st, gettext("LDAP bind dn value missing"));
/*
 * The bind secret must come from one of two places: bind_pwd already in
 * the context, or service_password_file (presumably the stash file path
 * that the read below uses -- confirm).
 */
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) {
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey /* Solaris Kerberos: Keep error messages consistent */
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste krb5_set_error_message(context, st, gettext("LDAP bind password value missing"));
/*
 * NOTE(review): 'password' receives secret material here. Its release is
 * not visible in this listing -- confirm the buffer is zeroized before it
 * is freed, on the error paths as well.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey prepend_err_str(context, gettext("Error reading password from stash: "), st, st);
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey /* Check if the returned 'password' is actually the path of a certificate */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey /* 'password' format: <path>\0<password> */
/*
 * Skips the literal "{FILE}" prefix and keeps the remainder as the
 * certificate path. NOTE(review): the test that 'password' really starts
 * with "{FILE}" is not visible here; without it the offset could land
 * beyond the end of a shorter string -- confirm the guard exists.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey ldap_context->service_cert_path = strdup((char *)password + strlen("{FILE}"));
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey krb5_set_error_message(context, st, gettext("Error: memory allocation failed"));
/*
 * Inspects the byte just past the first NUL terminator. NOTE(review): this
 * read is in bounds only if krb5_ldap_readpassword() always returns a
 * buffer with at least one byte after that NUL (the two-string layout
 * described above) -- confirm against that function.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey if (password[strlen((char *)password) + 1] == '\0')
/*
 * Heap copy of the certificate pass phrase; the source expression is cut
 * off in this listing (presumably the string after the NUL). NOTE(review):
 * the copy is secret material too and should be wiped when the context is
 * released -- that code is not visible here.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey ldap_context->service_cert_pass = strdup((char *)password +
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey krb5_set_error_message(context, st, gettext("Error: memory allocation failed"));
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey krb5_set_error_message(context, st, gettext("Error reading password from stash"));
890c120a8dac4ce3f54f804a6776769f5ba3980cJaco Jooste /* NULL password not allowed */
/*
 * bind_pwd is tested for NULL before strlen(), so strlen() never sees a
 * NULL pointer. NOTE(review): refusing an empty password likely guards
 * against an LDAP unauthenticated simple bind (a DN with an empty
 * password, RFC 4513), which some servers accept -- confirm intent.
 */
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) {
d17cfefcbcb248a6b3476b2cad2332354a06f1a0Brian Bailey krb5_set_error_message(context, st, gettext("Service password length is zero"));
return st;
static krb5_error_code
&bv,
NULL,
NULL,
&servercreds);
NULL,
NULL,
NULL,
&servercreds);
return st;
static krb5_error_code
goto err_out;
goto err_out;
goto err_out;
goto err_out;
errstr);
goto err_out;
goto err_out;
return st;
goto err_out;
#ifdef LDAP_OPT_NETWORK_TIMEOUT
int conns=0;
cnt++;
++cnt;
return (st);
int cnt=0;
goto cleanup;
++cnt;
cnt = 0;
goto cleanup;
++cnt;
return (st);
int use_ssl;
return LDAP_SUCCESS;