kdb_ldap_conn.c revision 7c64d3750da7fda7e450b8f9b0b963905ded6379
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "autoconf.h"
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "ldap_main.h"
#include "ldap_service_stash.h"
#include <kdb5.h>
#include <libintl.h>
static krb5_error_code
{
/* Solaris Kerberos: Keep error messages consistent */
goto err_out;
}
/* Solaris Kerberos: Keep error messages consistent */
goto err_out;
}
goto err_out;
}
/* Check if the returned 'password' is actually the path of a certificate */
/* 'password' format: <path>\0<password> */
goto err_out;
}
else {
goto err_out;
}
}
} else {
goto err_out;
}
}
}
/* NULL password not allowed */
goto err_out;
}
return st;
}
/*
* Internal Functions called by init functions.
*/
static krb5_error_code
{
/* Certificate based bind (SASL EXTERNAL mechanism) */
NULL, /* Authenticating dn */
LDAP_SASL_EXTERNAL, /* Method used for authentication */
&bv,
NULL,
NULL,
&servercreds);
while (st == LDAP_SASL_BIND_IN_PROGRESS) {
NULL,
NULL,
NULL,
&servercreds);
}
} else {
/* password based simple bind */
}
return st;
}
static krb5_error_code
{
if (ldap_server_handle == NULL) {
goto err_out;
}
else {
/*
* Solaris Kerberos: need ldap_handle to be NULL so calls to
* ldap_initialize won't leak handles
*/
}
/*
* Solaris Kerberos: ldapi is not supported on Solaris at this time.
* return an error.
*/
if (ldap_context->kcontext)
gettext("ldapi is not supported"));
goto err_out;
} else {
/*
* Solaris Kerberos: need to use SSL to protect LDAP simple and
* External binds.
*/
if (ldap_context->kcontext)
gettext("ldap_cert_path not set, can not create SSL connection"));
goto err_out;
}
/* setup for SSL */
if (ldap_context->kcontext)
goto err_out;
}
/* ldap init, use SSL */
if (ldap_context->kcontext) {
errstr);
}
goto err_out;
}
/*
* Solaris Kerberos: for LDAP_SASL_EXTERNAL bind which requires the
* client offer its cert to the server.
*/
if (ldap_context->kcontext) {
KRB5_KDB_ACCESS_ERROR, "%s",
}
goto err_out;
}
}
}
} else {
if (ldap_context->kcontext)
/* Solaris Kerberos: Better error message */
gettext("Failed to bind to ldap server \"%s\": %s"),
}
return st;
}
/*
* initialization for data base routines.
*/
{
goto err_out;
#ifdef LDAP_OPT_NETWORK_TIMEOUT
#elif defined LDAP_X_OPT_CONNECT_TIMEOUT
#endif
int conns=0;
/*
* Check if the server has to perform certificate-based authentication
*/
/* Find out if the server supports SASL EXTERNAL mechanism */
cnt++;
continue; /* Check the next LDAP server */
}
}
break;
} /* for (conn= ... */
break; /* server init successful, so break */
}
++cnt;
}
if (sasl_mech_supported == FALSE) {
gettext("Certificate based authentication requested but "
"not supported by LDAP servers"));
}
return (st);
}
/*
* get a single handle. Do not lock the mutex
*/
{
int cnt=0;
if (st == LDAP_SUCCESS)
goto cleanup;
}
}
++cnt;
}
/* If we are here, try to connect to all the servers */
cnt = 0;
if (st == LDAP_SUCCESS)
goto cleanup;
++cnt;
}
return (st);
}
{
int use_ssl;
/*
* Solaris Kerberos: use SSL unless ldapi (unix domain sockets) is specified
*/
else
return LDAP_SUCCESS;
}
/*
* DAL API functions
*/
{
return 0;
}
{
/* right now, no cleanup required */
return 0;
}
{
if (ldap_context == NULL)
return 0;
return 0;
}
{
return 0;
return 0;
}