#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "ldap_main.h"
#include "kdb_ldap.h"
#include "ldap_err.h"
#include <libintl.h>
/*
* Free the krb5_ldap_krbcontainer_params
*/
/*
* NOTE(review): the function name and parameter list that belong between
* `void` and `{` are missing from this listing, and statements appear to
* have been dropped from the body. As shown, the unconditional return below
* exits before the cparams->policyreference test, and no release call is
* visible anywhere in the body.
*/
void
{
/* presumably the body of a NULL check on cparams in the full source -- confirm */
return;
/*
* Only the test of policyreference survives here; the statement it guards
* is shown as a bare return. TODO confirm against the full source that
* each member is released exactly once before the structure itself, so
* that callers are not left holding a dangling cparams pointer.
*/
if (cparams->policyreference)
return;
}
/*
* Read the Kerberos container. The Kerberos container DN is read from the krb5.conf file.
* In the case of eDirectory, if the DN is not present in the conf file, refer to the
* Security Container to fetch the DN information.
*
* Reading kerberos container includes reading the policyreference attribute and the policy
* object to read the attributes associated with it.
*/
/*
* NOTE(review): the signature and local declarations that belong before this
* brace are missing from this listing, and several statements inside the body
* are truncated (only the tails of some calls and the closing braces of some
* conditionals survive). The comments below describe what is visible and mark
* everything else as an assumption.
*/
{
/*
* GET_HANDLE is a macro defined outside this listing; presumably it obtains
* the LDAP server handle used by the search below -- confirm.
*/
GET_HANDLE();
/* read kerberos container location from [dbmodules] section of krb5.conf file */
if (ldap_context->conf_section) {
/*
* Tail of a truncated statement: the key looked up is
* "ldap_kerberos_container_dn" with a NULL default. The second literal is
* presumably the end of an error message set before bailing out -- confirm.
*/
"ldap_kerberos_container_dn", NULL,
"from krb5.conf"));
goto cleanup;
}
}
/* read kerberos container location from [dbdefaults] section of krb5.conf file */
/*
* Same truncated pattern as above: same key, NULL default, and what looks
* like the end of the same error message -- confirm against the full source.
*/
"ldap_kerberos_container_dn", NULL,
"from krb5.conf"));
goto cleanup;
}
}
#ifndef HAVE_EDIRECTORY
/*
* In the case of eDirectory, we can fall back to the security container if the
* kerberos container location is missing in the conf file. In openldap we will
* have to return an error. This section is compiled only when HAVE_EDIRECTORY
* is not defined, so the goto below is that error path; the condition and the
* error code assigned before it are not shown in this listing.
*/
goto cleanup;
}
#endif
/* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on the Kerberos Container
* are not read
*/
/*
* Base-scope search on cparams->DN. The filter is a fixed string literal, so
* no caller-supplied data is interpolated into it. cparams->DN is used as the
* search base as-is; in the visible code it comes from krb5.conf, so the
* result is only as trustworthy as that file.
* IGNORE_STATUS is passed to the macro, which is defined outside this listing;
* presumably the macro then leaves st to be checked by the code that follows
* instead of jumping to cleanup itself -- confirm against its definition.
*/
LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
goto cleanup;
}
/*
* A container DN that does not exist in the directory is handled explicitly;
* the statements inside this branch other than the goto are not shown.
*/
if (st == LDAP_NO_SUCH_OBJECT) {
goto cleanup;
}
}
#ifdef HAVE_EDIRECTORY
/*
* If the kerberos location in the conf file is missing or invalid, fall back to the
* security container. If the kerberos location in the security container is also missing
* then fall back to the default value
*/
/*
* kerberos container can be anywhere. locate it by reading the security
* container to find the location.
*/
goto cleanup;
}
}
/* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on the
* Kerberos Container are not read
*/
}
#endif
/*
* The conditions guarding the next two exits are missing from this listing;
* per the header comment of this function they presumably belong to reading
* the policy reference attribute and the policy object -- confirm.
*/
goto cleanup;
}
goto cleanup;
}
}
}
/*
* The body of this error branch is empty in this listing. Presumably the full
* source releases cparams here so that a failed read does not hand a partially
* filled structure back to the caller -- confirm.
*/
if (st != 0) {
}
return st;
}