/*
 * lib/kdb/kdb_ldap/ldap_principal.c
 *
 * Copyright (c) 2004-2005, Novell, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * * The copyright holder's name is not used to endorse or promote products
 * derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "ldap_main.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "kdb_ldap.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "ldap_principal.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "princ_xdr.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include "ldap_err.h"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#include <libintl.h>
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Upper bound on how long a single directory search issued from this file
 * may take (presumably consumed by the LDAP_SEARCH helper — not visible
 * here).  Five minutes, no sub-second part.
 */
struct timeval timelimit = {
    300,    /* tv_sec  */
    0       /* tv_usec */
};
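/*
 * Attribute list requested on every principal search (see krb5_ldap_iterate).
 * Note that it includes krbprincipalkey, so search results built from this
 * list carry principal key data and must be released (ldap_msgfree /
 * krb5_dbe_free_contents) on every path.
 *
 * The old list requested loginexpirationtime/logindisabled twice when
 * HAVE_EDIRECTORY was defined (once inside the #ifdef, once after it);
 * the conditional copy was pure duplication and has been dropped.
 */
char *principal_attributes[] = {
    "krbprincipalname",
    "objectclass",
    "krbprincipalkey",
    "krbmaxrenewableage",
    "krbmaxticketlife",
    "krbticketflags",
    "krbprincipalexpiration",
    "krbticketpolicyreference",
    "krbUpEnabled",
    "krbpwdpolicyreference",
    "krbpasswordexpiration",
    "krbLastFailedAuth",
    "krbLoginFailedCount",
    "krbLastSuccessfulAuth",
    "loginexpirationtime",
    "logindisabled",
    "modifytimestamp",
    "krbLastPwdChange",
    "krbExtraData",
    "krbObjectReferences",
    NULL
};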
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Attribute names indexed by bit position of the attribute-set mask
 * (krb5_ldap_delete_principal walks the mask with attrsetmask >>= 1 and
 * uses attributes_set[j] for bit j).  The order MUST therefore match the
 * KDB_*_ATTR macros in ldap_principal.h.  NULL-terminated.
 */
static char *attributes_set[] = {
    "krbmaxticketlife",         /* bit 0  */
    "krbmaxrenewableage",       /* bit 1  */
    "krbticketflags",           /* bit 2  */
    "krbprincipalexpiration",   /* bit 3  */
    "krbticketpolicyreference", /* bit 4  */
    "krbUpEnabled",             /* bit 5  */
    "krbpwdpolicyreference",    /* bit 6  */
    "krbpasswordexpiration",    /* bit 7  */
    "krbprincipalkey",          /* bit 8  */
    "krblastpwdchange",         /* bit 9  */
    "krbextradata",             /* bit 10 */
    "krbLastSuccessfulAuth",    /* bit 11 */
    "krbLastFailedAuth",        /* bit 12 */
    "krbLoginFailedCount",      /* bit 13 */
    NULL
};
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
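/*
 * Overwrite len bytes at p with zeros through a volatile pointer so the
 * store cannot be discarded by the optimizer.  A plain memset() right
 * before free() is a dead store and may be elided, which would leave key
 * material behind in freed heap memory.
 */
static void
ldap_princ_zap(void *p, size_t len)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;

    while (len-- > 0)
        *vp++ = 0;
}

/*
 * Release everything a krb5_db_entry owns: e_data, the principal, the
 * tl_data chain and the key_data array (each key blob is scrubbed before it
 * is freed).  The struct is then zeroed, so a second call on the same entry
 * is a harmless no-op.  The entry itself is not freed; callers keep it by
 * value (krb5_ldap_iterate) or in an array (krb5_ldap_free_principal).
 *
 * context  krb5 context used for krb5_free_principal
 * entry    entry whose contents are released; NULL is ignored
 */
void
krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
{
    krb5_tl_data *tl, *tl_next;
    int i, j;

    if (entry == NULL)
        return;

    free(entry->e_data);
    if (entry->princ)
        krb5_free_principal(context, entry->princ);

    for (tl = entry->tl_data; tl != NULL; tl = tl_next) {
        tl_next = tl->tl_data_next;
        free(tl->tl_data_contents);
        free(tl);
    }

    if (entry->key_data) {
        for (i = 0; i < entry->n_key_data; i++) {
            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
                if (entry->key_data[i].key_data_length[j] &&
                    entry->key_data[i].key_data_contents[j]) {
                    /* Scrub the key blob before the memory is recycled. */
                    ldap_princ_zap(entry->key_data[i].key_data_contents[j],
                                   (size_t) entry->key_data[i].key_data_length[j]);
                    free(entry->key_data[i].key_data_contents[j]);
                }
                entry->key_data[i].key_data_contents[j] = NULL;
                entry->key_data[i].key_data_length[j] = 0;
                entry->key_data[i].key_data_type[j] = 0;
            }
        }
        free(entry->key_data);
    }

    memset(entry, 0, sizeof(*entry));
}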
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
/*
 * Release the contents of nentries consecutive krb5_db_entry records via
 * krb5_dbe_free_contents.  The array storage itself stays with the caller.
 * Always returns 0; the return type exists only to satisfy the KDB
 * interface.
 */
krb5_error_code
krb5_ldap_free_principal(krb5_context kcontext, krb5_db_entry *entries, int nentries)
{
    int remaining;

    for (remaining = nentries; remaining > 0; --remaining) {
        krb5_dbe_free_contents(kcontext, entries);
        entries++;
    }
    return 0;
}
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
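/*
 * Call func(func_arg, &entry) once for every principal of this realm whose
 * krbprincipalname matches match_expr (NULL means "*", i.e. all principals,
 * matching the db2 back end).  Each entry is populated from the directory,
 * handed to the callback and released before the next one is built.
 *
 * Returns 0 on success; EINVAL when db_args are given (Solaris
 * -rev/-recurse flags are not supported by this back end) or no realm is
 * configured; ENOMEM; or a translated LDAP error.  The callback's return
 * value is ignored (unchanged from the original behaviour).
 *
 * SECURITY NOTE: match_expr is copied verbatim into the LDAP search filter
 * (FILTER "%s))").  Only '*' is meant as a wildcard; '(' ')' '\' and other
 * RFC 4515 filter metacharacters are NOT escaped, so an untrusted string
 * could change the filter's meaning.  Nothing here validates it — callers
 * must pass a trusted glob.
 *
 * Fixes vs. the previous version: princ_name leaked when krb5_parse_name
 * failed; principal, princ_name, values and result leaked when
 * populate_krb5_db_entry failed; and an early exit before
 * krb5_get_subtree_info (subtree == NULL while ntree == 1) dereferenced
 * NULL in cleanup.
 */
krb5_error_code
krb5_ldap_iterate(krb5_context context, char *match_expr,
                  krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
                  krb5_pointer func_arg,
                  /* Solaris Kerberos: adding support for -rev/recurse flags */
                  char **db_args)
{
    krb5_db_entry entry;
    krb5_principal principal = NULL;
    char **subtree = NULL, *princ_name = NULL, *realm = NULL;
    char **values = NULL, *filter = NULL;
    unsigned int filterlen = 0, tree = 0, ntree = 1, i = 0;
    krb5_error_code st = 0, tempst = 0;   /* tempst is used by LDAP_SEARCH */
    LDAP *ld = NULL;
    LDAPMessage *result = NULL, *ent = NULL;
    kdb5_dal_handle *dal_handle = NULL;
    krb5_ldap_context *ldap_context = NULL;
    krb5_ldap_server_handle *ldap_server_handle = NULL;
    char *default_match_expr = "*";
    int in_realm = 0;

    /* Clear the global error string */
    krb5_clear_error_message(context);

    /* Solaris Kerberos: adding support for -rev/recurse flags */
    if (db_args) {
        /* LDAP does not support db_args DB arguments for krb5_ldap_iterate */
        krb5_set_error_message(context, EINVAL,
                               gettext("Unsupported argument \"%s\" for ldap"),
                               db_args[0]);
        return EINVAL;
    }

    memset(&entry, 0, sizeof(krb5_db_entry));
    SETUP_CONTEXT();

    realm = ldap_context->lrparams->realm_name;
    if (realm == NULL) {
        realm = context->default_realm;
        if (realm == NULL) {
            st = EINVAL;
            krb5_set_error_message(context, st, gettext("Default realm not set"));
            goto cleanup;
        }
    }

    /*
     * If no match_expr then iterate through all krb princs like the db2 plugin
     */
    if (match_expr == NULL)
        match_expr = default_match_expr;

    /* "))" balances the parentheses opened by FILTER; +1 for the NUL. */
    filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1;
    filter = malloc(filterlen);
    CHECK_NULL(filter);
    (void) snprintf(filter, filterlen, FILTER"%s))", match_expr);

    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
        goto cleanup;

    GET_HANDLE();

    for (tree = 0; tree < ntree; ++tree) {

        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope,
                    filter, principal_attributes);

        for (ent = ldap_first_entry(ld, result); ent != NULL;
             ent = ldap_next_entry(ld, ent)) {
            values = ldap_get_values(ld, ent, "krbprincipalname");
            if (values == NULL)
                continue;

            for (i = 0; values[i] != NULL; ++i) {
                princ_name = NULL;
                principal = NULL;
                if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
                    continue;
                if (krb5_parse_name(context, princ_name, &principal) != 0) {
                    /* Skip unparseable names without leaking princ_name. */
                    free(princ_name);
                    princ_name = NULL;
                    continue;
                }

                in_realm = (is_principal_in_realm(ldap_context, principal) == 0);
                if (in_realm) {
                    st = populate_krb5_db_entry(context, ldap_context, ld, ent,
                                                principal, &entry);
                    if (st == 0) {
                        (*func)(func_arg, &entry);
                        krb5_dbe_free_contents(context, &entry);
                    }
                }

                (void) krb5_free_principal(context, principal);
                principal = NULL;
                free(princ_name);
                princ_name = NULL;

                if (st != 0)
                    goto cleanup;
                /* One directory entry yields one principal: stop at the
                 * first value that belongs to this realm. */
                if (in_realm)
                    break;
            }

            ldap_value_free(values);
            values = NULL;
        } /* end of for (ent= ... */

        ldap_msgfree(result);
        result = NULL;
    } /* end of for (tree= ... */

cleanup:
    /* Left over only when we bailed out from inside the search loops. */
    if (values != NULL)
        ldap_value_free(values);
    if (result != NULL)
        ldap_msgfree(result);

    free(filter);

    /*
     * subtree is still NULL if we left before krb5_get_subtree_info(); ntree
     * starts at 1, so the loop must be guarded or it dereferences NULL.
     */
    if (subtree != NULL) {
        for (; ntree; --ntree)
            free(subtree[ntree - 1]);
        /* Solaris Kerberos: fix memory leak */
        free(subtree);
    }

    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
    return st;
}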
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
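/*
 * Delete a principal from the directory.
 *
 * Two cases, chosen by the principal's object type:
 *   - a standalone krbPrincipal object is removed outright (ldap_delete);
 *   - a principal attached to a directory user object is removed from that
 *     object's krbprincipalname values.  If it was the last principal on the
 *     object (pcount == 1) every Kerberos attribute flagged in attrsetmask
 *     and the auxiliary object classes are stripped too ("unkerberize").
 *
 * SECURITY NOTE: when other principals share the object (pcount > 1) only
 * the krbprincipalname value is removed; this principal's krbprincipalkey
 * values are NOT touched and remain in the directory.  The previous code
 * had an unreachable branch for this case (secretkey was never assigned);
 * it has been removed rather than left to suggest keys are deleted.
 *
 * context    krb5 context
 * searchfor  principal to delete
 * nentries   out: how many entries were found (0 or 1, set by
 *            krb5_ldap_get_principal)
 *
 * Returns 0 on success, EINVAL if the entry carries no DN, a
 * krb5_ldap_get_principal error, or a translated LDAP error.  The fetched
 * entry (which holds key data) is released on every path after a successful
 * lookup; previously it leaked on error.
 */
krb5_error_code
krb5_ldap_delete_principal(krb5_context context, krb5_const_principal searchfor,
                           int *nentries)
{
    char *user = NULL, *DN = NULL, *strval[10] = {NULL};
    LDAPMod **mods = NULL;
    LDAP *ld = NULL;
    int j = 0, ptype = 0, pcount = 0;
    unsigned int attrsetmask = 0;
    krb5_error_code st = 0;
    krb5_boolean have_entry = FALSE;
    kdb5_dal_handle *dal_handle = NULL;
    krb5_ldap_context *ldap_context = NULL;
    krb5_ldap_server_handle *ldap_server_handle = NULL;
    krb5_db_entry entries;
    krb5_boolean more = 0;

    /* Clear the global error string */
    krb5_clear_error_message(context);

    SETUP_CONTEXT();

    /* get the principal info */
    st = krb5_ldap_get_principal(context, searchfor, &entries, nentries, &more);
    if (st != 0 || *nentries == 0)
        goto cleanup;
    have_entry = TRUE;  /* entries now owns data (keys included) to release */

    if (((st = krb5_get_princ_type(context, &entries, &ptype)) != 0) ||
        ((st = krb5_get_attributes_mask(context, &entries, &attrsetmask)) != 0) ||
        ((st = krb5_get_princ_count(context, &entries, &pcount)) != 0) ||
        ((st = krb5_get_userdn(context, &entries, &DN)) != 0))
        goto cleanup;

    if (DN == NULL) {
        st = EINVAL;
        krb5_set_error_message(context, st, gettext("DN information missing"));
        goto cleanup;
    }

    GET_HANDLE();

    if (ptype == KDB_STANDALONE_PRINCIPAL_OBJECT) {
        /* The principal is its own directory object: remove the object. */
        st = ldap_delete_ext_s(ld, DN, NULL, NULL);
        if (st != LDAP_SUCCESS) {
            st = set_ldap_error(context, st, OP_DEL);
            goto cleanup;
        }
    } else {
        /* The principal hangs off a user object: strip it from there. */
        if (((st = krb5_unparse_name(context, searchfor, &user)) != 0) ||
            ((st = krb5_ldap_unparse_principal_name(user)) != 0))
            goto cleanup;

        memset(strval, 0, sizeof(strval));
        strval[0] = user;
        if ((st = krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname",
                                            LDAP_MOD_DELETE, strval)) != 0)
            goto cleanup;

        if (pcount == 1) {
            /*
             * Last Kerberos principal on this user object: unkerberize it by
             * deleting every attribute flagged in attrsetmask (bit j <->
             * attributes_set[j]).  krbprincipalkey is among them, and deleting
             * the attribute drops ALL its values, including leftovers from
             * other principals that were removed earlier.  The loop also
             * stops at the table's NULL terminator, so a stray mask bit with
             * no table entry can no longer index past the end of the array.
             */
            for (j = 0; attrsetmask != 0 && attributes_set[j] != NULL;
                 attrsetmask >>= 1, ++j) {
                if (attrsetmask & 1) {
                    if ((st = krb5_add_str_mem_ldap_mod(&mods, attributes_set[j],
                                                        LDAP_MOD_DELETE, NULL)) != 0)
                        goto cleanup;
                }
            }

            /* the same should be done with the objectclass attributes */
            {
                char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
                int p, q, r = 0, amask = 0;

                if ((st = checkattributevalue(ld, DN, "objectclass", attrvalues,
                                              &amask)) != 0)
                    goto cleanup;
                memset(strval, 0, sizeof(strval));
                /* Bit q of amask says whether attrvalues[q] is present (as
                 * the original loop assumed); walk only as far as the table
                 * goes instead of a hard-coded bit count. */
                for (p = 1, q = 0; attrvalues[q] != NULL; p <<= 1, ++q)
                    if (p & amask)
                        strval[r++] = attrvalues[q];
                strval[r] = NULL;
                if (r > 0) {
                    if ((st = krb5_add_str_mem_ldap_mod(&mods, "objectclass",
                                                        LDAP_MOD_DELETE, strval)) != 0)
                        goto cleanup;
                }
            }
        }
        /*
         * pcount > 1: other principals still use this object, so only the
         * krbprincipalname value is removed.  This principal's
         * krbprincipalkey values stay in the directory (see header note).
         */

        st = ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
        if (st != LDAP_SUCCESS) {
            st = set_ldap_error(context, st, OP_MOD);
            goto cleanup;
        }
    }

cleanup:
    free(user);
    free(DN);

    /* Release the fetched entry whenever the lookup succeeded, not only when
     * st == 0 — otherwise every error path leaked it, keys included. */
    if (have_entry)
        krb5_ldap_free_principal(context, &entries, *nentries);

    ldap_mods_free(mods, 1);
    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
    return st;
}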
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
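/*
 * Function: krb5_ldap_unparse_principal_name
 *
 * Purpose: Removes the '\\' that precedes every '@' in the principal name
 * component (inverse of krb5_ldap_parse_principal_name), in place.  Only
 * "\@" pairs are affected; any other backslash is preserved.
 *
 * Arguments:
 *   user_name (input/output) NUL-terminated principal name, rewritten in
 *             place.  The result is never longer than the input, so the
 *             caller's buffer always suffices.  Bytes between the new and
 *             the old terminator are zeroed, as the old memset/sprintf did.
 *
 * Returns 0, or EINVAL if user_name is NULL.
 *
 * Rewritten as a single in-place compaction: the previous version made two
 * heap copies and an unbounded sprintf() back into the caller's buffer just
 * to drop a few characters, and could fail with ENOMEM.  That failure mode
 * no longer exists; callers that checked for it are unaffected.
 */
krb5_error_code
krb5_ldap_unparse_principal_name(char *user_name)
{
    char *rd, *wr;

    if (user_name == NULL)
        return EINVAL;

    for (rd = wr = user_name; *rd != '\0'; ) {
        if (rd[0] == '\\' && rd[1] == '@')
            rd++;               /* drop the escape; the '@' is copied next */
        else
            *wr++ = *rd++;
    }
    /* Zero the tail, terminator included (rd sits on the old NUL). */
    memset(wr, 0, (size_t)(rd - wr + 1));
    return 0;
}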
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf/*
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Function: krb5_ldap_parse_principal_name
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Purpose: Inserts '\\' before every occurence of '@'
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * in the principal name component.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Arguments:
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * i_princ_name (input) Principal name without '\\'
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * o_princ_name (output) Principal name with '\\'
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Note: The caller has to free the memory allocated for o_princ_name.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_error_code
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf char *i_princ_name;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf char **o_princ_name;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf{
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf char *tmp_princ_name = NULL, *princ_name = NULL, *at_rlm_name = NULL;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf int l = 0, m = 0, tmp_princ_name_len = 0, princ_name_len = 0, at_count = 0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_error_code st = 0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf at_rlm_name = strrchr(i_princ_name, '@');
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!at_rlm_name) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *o_princ_name = strdup(i_princ_name);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!o_princ_name) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = ENOMEM;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf goto cleanup;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf } else {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tmp_princ_name_len = at_rlm_name - i_princ_name;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tmp_princ_name = (char *) malloc ((unsigned) tmp_princ_name_len + 1);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!tmp_princ_name) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = ENOMEM;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf goto cleanup;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memset(tmp_princ_name, 0, (unsigned) tmp_princ_name_len + 1);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memcpy(tmp_princ_name, i_princ_name, (unsigned) tmp_princ_name_len);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf l = 0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf while (tmp_princ_name[l]) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tmp_princ_name[l++] == '@')
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf at_count++;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf princ_name_len = strlen(i_princ_name) + at_count + 1;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf princ_name = (char *) malloc ((unsigned) princ_name_len);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (!princ_name) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = ENOMEM;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf goto cleanup;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf memset(princ_name, 0, (unsigned) princ_name_len);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf l = 0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf m = 0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf while (tmp_princ_name[l]) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tmp_princ_name[l] == '@') {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf princ_name[m++]='\\';
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf princ_name[m++]=tmp_princ_name[l++];
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Solaris Kerberos: using strlcat for safety */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf strlcat(princ_name, at_rlm_name, princ_name_len);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf *o_princ_name = princ_name;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfcleanup:
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (tmp_princ_name) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf free(tmp_princ_name);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf tmp_princ_name = NULL;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf }
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return st;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf}