ldap_principal.c revision 54925bf60766fbb4f1f2d7c843721406a7b7a3fb
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#pragma ident "%Z%%M% %I% %E% SMI"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * lib/kdb/kdb_ldap/ldap_principal.c
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Copyright (c) 2004-2005, Novell, Inc.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Redistribution and use in source and binary forms, with or without
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * modification, are permitted provided that the following conditions are met:
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * * Redistributions of source code must retain the above copyright notice,
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * this list of conditions and the following disclaimer.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * * Redistributions in binary form must reproduce the above copyright
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * notice, this list of conditions and the following disclaimer in the
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * documentation and/or other materials provided with the distribution.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * * The copyright holder's name is not used to endorse or promote products
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * derived from this software without specific prior written permission.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers *
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * POSSIBILITY OF SUCH DAMAGE.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * Use is subject to license terms.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ldap_main.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "kdb_ldap.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ldap_principal.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "princ_xdr.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include "ldap_err.h"
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers#include <libintl.h>
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
/*
 * Time limit value for this plugin.  It is not referenced by name in the
 * visible part of this file; presumably the LDAP_SEARCH macro picks it up
 * (confirm in ldap_main.h).
 */
struct timeval timelimit = { .tv_sec = 300, .tv_usec = 0 };	/* 5 minutes */

/*
 * NULL-terminated list of attributes requested for a principal entry; it is
 * the attribute list handed to LDAP_SEARCH in krb5_ldap_iterate().
 *
 * NOTE(review): "krbprincipalkey" presumably carries the principal's key
 * material, so whatever identity runs this search gets it back over the LDAP
 * connection -- confirm that the connection and the directory ACLs are set
 * up with that in mind.
 *
 * NOTE(review): "loginexpirationtime" and "logindisabled" are listed inside
 * the HAVE_EDIRECTORY guard and again right after it, so they are always
 * requested, and requested twice when HAVE_EDIRECTORY is defined.  Confirm
 * whether the unconditional pair is intended.
 */
char *principal_attributes[] = {
    "krbprincipalname",
    "objectclass",
    "krbprincipalkey",
    "krbmaxrenewableage",
    "krbmaxticketlife",
    "krbticketflags",
    "krbprincipalexpiration",
    "krbticketpolicyreference",
    "krbUpEnabled",
    "krbpwdpolicyreference",
    "krbpasswordexpiration",
    "krbLastFailedAuth",
    "krbLoginFailedCount",
    "krbLastSuccessfulAuth",
#ifdef HAVE_EDIRECTORY
    "loginexpirationtime",
    "logindisabled",
#endif
    "loginexpirationtime",
    "logindisabled",
    "modifytimestamp",
    "krbLastPwdChange",
    "krbExtraData",
    "krbObjectReferences",
    NULL
};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
/*
 * Must match KDB_*_ATTR macros in ldap_principal.h.
 *
 * krb5_ldap_delete_principal() walks the attribute mask of an entry bit by
 * bit and uses the bit position as an index into this table, so the order of
 * the names is significant: entry N is the attribute named for mask bit N.
 * The trailing NULL terminates the table.
 */
static char *attributes_set[] = {
    "krbmaxticketlife",		/* bit 0 */
    "krbmaxrenewableage",	/* bit 1 */
    "krbticketflags",		/* bit 2 */
    "krbprincipalexpiration",	/* bit 3 */
    "krbticketpolicyreference",	/* bit 4 */
    "krbUpEnabled",		/* bit 5 */
    "krbpwdpolicyreference",	/* bit 6 */
    "krbpasswordexpiration",	/* bit 7 */
    "krbprincipalkey",		/* bit 8 */
    "krblastpwdchange",		/* bit 9 */
    "krbextradata",		/* bit 10 */
    "krbLastSuccessfulAuth",	/* bit 11 */
    "krbLastFailedAuth",	/* bit 12 */
    "krbLoginFailedCount",	/* bit 13 */
    NULL
};
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
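/*
 * Overwrite len bytes at buf with zeros.  The stores go through a volatile
 * pointer so the compiler cannot discard them as dead writes ahead of the
 * free() that follows in the caller, which a plain memset() allows.
 */
static void
wipe_key_bytes(void *buf, size_t len)
{
    volatile unsigned char *p = buf;

    while (len-- > 0)
	*p++ = 0;
}

/*
 * Release everything a krb5_db_entry owns and zero the entry itself.
 *
 * Frees e_data, the principal, every node of the tl_data list together with
 * its contents, and the key_data array.  Key contents are wiped before they
 * are handed back to the allocator.  The entry structure itself belongs to
 * the caller and is only cleared, not freed.
 *
 * context  library context, passed on to krb5_free_principal()
 * entry    entry to release; a NULL entry is ignored
 */
void
krb5_dbe_free_contents(context, entry)
    krb5_context	 context;
    krb5_db_entry	*entry;
{
    krb5_tl_data *tl_data_next = NULL;
    krb5_tl_data *tl_data = NULL;
    int i, j;

    if (entry == NULL)
	return;

    free(entry->e_data);		/* free(NULL) is a no-op */
    if (entry->princ)
	krb5_free_principal(context, entry->princ);

    /* Fetch the successor before the node it lives in is released. */
    for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
	tl_data_next = tl_data->tl_data_next;
	free(tl_data->tl_data_contents);
	free(tl_data);
    }

    if (entry->key_data) {
	for (i = 0; i < entry->n_key_data; i++) {
	    /*
	     * NOTE(review): j is bounded only by key_data_ver; confirm it
	     * can never exceed the size of the per-key arrays declared in
	     * krb5_key_data.
	     */
	    for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
		/* As before, contents are only released when a length is recorded. */
		if (entry->key_data[i].key_data_length[j] &&
		    entry->key_data[i].key_data_contents[j]) {
		    wipe_key_bytes(entry->key_data[i].key_data_contents[j],
				   (unsigned) entry->key_data[i].key_data_length[j]);
		    free(entry->key_data[i].key_data_contents[j]);
		}
		entry->key_data[i].key_data_contents[j] = NULL;
		entry->key_data[i].key_data_length[j] = 0;
		entry->key_data[i].key_data_type[j] = 0;
	    }
	}
	free(entry->key_data);
    }

    /* Leave no stale pointers behind in the caller's structure. */
    memset(entry, 0, sizeof(*entry));
}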
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
/*
 * Release the contents of the first nentries elements of entries by calling
 * krb5_dbe_free_contents() on each one in order.  The array itself is not
 * freed.  A count of zero or less does nothing.  Always returns 0.
 */
krb5_error_code
krb5_ldap_free_principal(kcontext , entries, nentries)
    krb5_context	 kcontext;
    krb5_db_entry	*entries;
    int			 nentries;
{
    krb5_db_entry *cur = entries;
    int remaining;

    for (remaining = nentries; remaining > 0; --remaining)
	krb5_dbe_free_contents(kcontext, cur++);

    return 0;
}
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
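/*
 * Search every subtree of the realm for principal entries whose name matches
 * match_expr and hand each accepted entry to func.
 *
 * context     library context; its db_context is unpacked by SETUP_CONTEXT()
 * match_expr  expression placed into the LDAP search filter; NULL means "*"
 * func        callback invoked as func(func_arg, &entry) for each entry that
 *             is_principal_in_realm() accepts (returns 0 for); the callback's
 *             return value is not examined
 * func_arg    opaque pointer passed through to func
 *
 * Returns 0 on success, EINVAL when no realm can be determined, or the error
 * of the step that failed.  The entry handed to func is released as soon as
 * func returns, so the callback must not keep pointers into it.
 *
 * SETUP_CONTEXT, CHECK_NULL, GET_HANDLE and LDAP_SEARCH are macros defined
 * outside this file; they use the local variable names declared below and
 * presumably leave through the cleanup label (or return) on failure, so the
 * names and the label must stay as they are -- confirm against ldap_main.h.
 *
 * NOTE(review): match_expr is pasted into the filter verbatim so that
 * wildcards keep working.  Any LDAP filter metacharacter in it therefore
 * changes the search expression; callers should only pass expressions from a
 * trusted source.
 */
krb5_error_code
krb5_ldap_iterate(context, match_expr, func, func_arg)
    krb5_context	 context;
    char		*match_expr;
    krb5_error_code	(*func) (krb5_pointer, krb5_db_entry *);
    krb5_pointer	 func_arg;
{
    krb5_db_entry		 entry;
    krb5_principal		 principal;
    char			**subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL;
    unsigned int		 filterlen=0, tree=0, ntree=1, i=0;
    krb5_error_code		 st=0, tempst=0;
    LDAP			*ld=NULL;
    LDAPMessage			*result=NULL, *ent=NULL;
    kdb5_dal_handle		*dal_handle=NULL;
    krb5_ldap_context		*ldap_context=NULL;
    krb5_ldap_server_handle	*ldap_server_handle=NULL;
    char			*default_match_expr = "*";

    /* Clear the global error string */
    krb5_clear_error_message(context);

    memset(&entry, 0, sizeof(krb5_db_entry));
    SETUP_CONTEXT();

    /* Prefer the realm configured for the LDAP context, then the default realm. */
    realm = ldap_context->lrparams->realm_name;
    if (realm == NULL) {
	realm = context->default_realm;
	if (realm == NULL) {
	    st = EINVAL;
	    krb5_set_error_message(context, st, gettext("Default realm not set"));
	    goto cleanup;
	}
    }

    /*
     * If no match_expr then iterate through all krb princs like the db2 plugin
     */
    if (match_expr == NULL)
	match_expr = default_match_expr;

    /* FILTER + expression + two closing brackets + terminating NUL. */
    filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1;
    filter = malloc(filterlen);
    CHECK_NULL(filter);
    memset(filter, 0, filterlen);
    /* Bounded by the size computed above, so the write cannot overrun. */
    (void) snprintf(filter, filterlen, FILTER"%s))", match_expr);

    if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
	goto cleanup;

    GET_HANDLE();

    for (tree = 0; tree < ntree; ++tree) {

	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
	for (ent = ldap_first_entry(ld, result); ent != NULL; ent = ldap_next_entry(ld, ent)) {
	    values = ldap_get_values(ld, ent, "krbprincipalname");
	    if (values == NULL)
		continue;

	    /* Use the first name of the entry that belongs to this realm. */
	    for (i = 0; values[i] != NULL; ++i) {
		if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
		    continue;
		if (krb5_parse_name(context, princ_name, &principal) != 0) {
		    /* The converted name was leaked on this path before. */
		    free(princ_name);
		    princ_name = NULL;
		    continue;
		}
		if (is_principal_in_realm(ldap_context, principal) == 0) {
		    st = populate_krb5_db_entry(context, ldap_context, ld, ent,
						principal, &entry);
		    if (st != 0) {
			/*
			 * The cleanup label knows nothing about these, so
			 * release them here instead of leaking them.
			 * NOTE(review): entry is left alone because it is
			 * not visible here whether populate_krb5_db_entry()
			 * cleans up after itself on failure.
			 */
			krb5_free_principal(context, principal);
			free(princ_name);
			princ_name = NULL;
			ldap_value_free(values);
			ldap_msgfree(result);
			goto cleanup;
		    }
		    (*func)(func_arg, &entry);
		    krb5_dbe_free_contents(context, &entry);
		    (void) krb5_free_principal(context, principal);
		    free(princ_name);
		    princ_name = NULL;
		    break;
		}
		(void) krb5_free_principal(context, principal);
		free(princ_name);
		princ_name = NULL;
	    }
	    ldap_value_free(values);
	} /* end of for (ent= ... */
	ldap_msgfree(result);
    } /* end of for (tree= ... */

cleanup:
    free(filter);

    /*
     * ntree starts at 1 while subtree starts as NULL, and several exits
     * above (no realm, allocation failure) arrive here before
     * krb5_get_subtree_info() has run.  Only walk the array when it exists;
     * the unguarded loop dereferenced a NULL pointer on those paths.
     */
    if (subtree != NULL) {
	for (; ntree; --ntree)
	    free(subtree[ntree-1]);
	free(subtree);
    }
    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
    return st;
}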
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers/*
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers * delete a principal from the directory.
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers */
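/*
 * Remove a principal from the directory.
 *
 * context    library context; its db_context is unpacked by SETUP_CONTEXT()
 * searchfor  principal to remove
 * nentries   out: how many entries were found and deleted
 *
 * The principal is looked up first.  A standalone principal object is
 * deleted outright.  Otherwise the principal name is removed from the
 * directory object it is attached to, and when it was the last principal on
 * that object the remaining Kerberos attributes and auxiliary object classes
 * are removed as well.
 *
 * Returns 0 on success (including "nothing found"), EINVAL when the entry
 * carries no DN, or the error of the step that failed.
 *
 * SETUP_CONTEXT and GET_HANDLE are macros defined outside this file; they
 * use the local variable names declared below and presumably leave through
 * the cleanup label (or return) on failure -- confirm against ldap_main.h.
 */
krb5_error_code
krb5_ldap_delete_principal(context, searchfor, nentries)
    krb5_context		 context;
    krb5_const_principal	 searchfor;
    int				*nentries;	/* how many found & deleted */
{
    char			*user=NULL, *DN=NULL, *strval[10] = {NULL};
    LDAPMod			**mods=NULL;
    LDAP			*ld=NULL;
    int				 j=0, ptype=0, pcount=0;
    unsigned int		 attrsetmask=0;
    krb5_error_code		 st=0;
    krb5_boolean		 singleentry=FALSE;
    KEY				*secretkey=NULL;
    kdb5_dal_handle		*dal_handle=NULL;
    krb5_ldap_context		*ldap_context=NULL;
    krb5_ldap_server_handle	*ldap_server_handle=NULL;
    krb5_db_entry		 entries;
    krb5_boolean		 more=0;
    /* Set once entries holds data that has to be released again. */
    int				 have_entry=0;
    /* Number of attribute names in attributes_set, not counting the NULL. */
    const int			 nattrs =
	(int) (sizeof(attributes_set) / sizeof(attributes_set[0])) - 1;

    /* Clear the global error string */
    krb5_clear_error_message(context);

    SETUP_CONTEXT();
    /* get the principal info */
    if ((st=krb5_ldap_get_principal(context, searchfor, &entries, nentries, &more)) != 0 || *nentries == 0)
	goto cleanup;
    have_entry = 1;

    if (((st=krb5_get_princ_type(context, &entries, &(ptype))) != 0) ||
	((st=krb5_get_attributes_mask(context, &entries, &(attrsetmask))) != 0) ||
	((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
	((st=krb5_get_userdn(context, &entries, &(DN))) != 0))
	goto cleanup;

    if (DN == NULL) {
	st = EINVAL;
	krb5_set_error_message(context, st, gettext("DN information missing"));
	goto cleanup;
    }

    GET_HANDLE();

    if (ptype == KDB_STANDALONE_PRINCIPAL_OBJECT) {
	st = ldap_delete_ext_s(ld, DN, NULL, NULL);
	if (st != LDAP_SUCCESS) {
	    st = set_ldap_error (context, st, OP_DEL);
	    goto cleanup;
	}
    } else {
	if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
	    || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
	    goto cleanup;

	memset(strval, 0, sizeof(strval));
	strval[0] = user;
	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
					  strval)) != 0)
	    goto cleanup;

	singleentry = (pcount == 1) ? TRUE: FALSE;
	if (singleentry == FALSE) {
	    /*
	     * secretkey is never assigned in this function, so this branch
	     * does not run at present.
	     */
	    if (secretkey != NULL) {
		if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
						  secretkey->keys)) != 0)
		    goto cleanup;
	    }
	} else {
	    /*
	     * If the Kerberos user principal to be deleted happens to be the
	     * last one associated with the directory user object, then it is
	     * time to delete the other Kerberos-specific attributes like
	     * krbmaxticketlife, i.e. unkerberize the directory user.  From
	     * the attrsetmask value, identify the attributes set on the
	     * directory user object and delete them.
	     * NOTE: the krbsecretkey attribute has per-principal entries.
	     * Keys of other principals may still exist or be left over, so
	     * delete all the values.
	     *
	     * Bit j of the mask selects attributes_set[j].  The walk stops
	     * at the end of the table, so a mask with bits beyond the known
	     * attributes cannot index past it; such bits are ignored.
	     */
	    while (attrsetmask && j < nattrs) {
		if (attrsetmask & 1) {
		    if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
						      NULL)) != 0)
			goto cleanup;
		}
		attrsetmask >>= 1;
		++j;
	    }

	    /* the same should be done with the objectclass attributes */
	    {
		char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
/*		char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL}; */
		int q, r=0, amask=0;

		if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
		    goto cleanup;
		memset(strval, 0, sizeof(strval));
		/*
		 * Bit q of amask selects attrvalues[q].  Stop at the NULL
		 * terminator of the list rather than at a fixed bit, so the
		 * terminator itself is never copied into strval.
		 */
		for (q = 0; attrvalues[q] != NULL; ++q)
		    if (amask & (1 << q))
			strval[r++] = attrvalues[q];
		strval[r] = NULL;
		if (r > 0) {
		    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
						      strval)) != 0)
			goto cleanup;
		}
	    }
	}
	st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
	if (st != LDAP_SUCCESS) {
	    st = set_ldap_error(context, st, OP_MOD);
	    goto cleanup;
	}
    }

cleanup:
    free (user);
    free (DN);

    if (secretkey != NULL) {
	int i=0;
	while (i < secretkey->nkey) {
	    free (secretkey->keys[i]->bv_val);
	    free (secretkey->keys[i]);
	    ++i;
	}
	free (secretkey->keys);
	free (secretkey);
    }

    /*
     * Release the looked-up entry on every exit once it has been filled in.
     * It used to be released only when st was 0, which leaked it whenever a
     * later step failed.
     */
    if (have_entry)
	krb5_ldap_free_principal(context, &entries, *nentries);

    ldap_mods_free(mods, 1);
    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
    return st;
}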
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
/*
 * Function: krb5_ldap_unparse_principal_name
 *
 * Purpose: Removes the '\\' that comes before every occurrence of '@'
 *          in the principal name component.
 *
 * Arguments:
 *       user_name     (input/output)      Principal name
 *
 */
f9fbec18f5b458b560ecf45d3db8e8bd56bf6942mcpowers
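/*
 * Strip the backslash from every "\@" pair in user_name, in place.
 *
 * user_name  NUL-terminated principal name; rewritten in place.  The result
 *            is never longer than the input, and the bytes between the new
 *            and the old end of the string are zeroed.
 *
 * Returns 0 on success and EINVAL when user_name is NULL.
 *
 * The string is compacted inside the caller's buffer, so no temporary
 * copies are allocated and the call cannot fail for lack of memory.
 */
krb5_error_code
krb5_ldap_unparse_principal_name(char *user_name)
{
    char *src, *dst;

    if (user_name == NULL)
	return EINVAL;

    /* Nothing before the first "\@" changes, so start compacting there. */
    dst = strstr(user_name, "\\@");
    if (dst == NULL)
	return 0;

    for (src = dst; *src != '\0'; ) {
	/* Step over the backslash; the '@' behind it is copied below. */
	if (src[0] == '\\' && src[1] == '@')
	    ++src;
	*dst++ = *src++;
    }

    /* src is at the old terminator; clear what the shorter string left over. */
    memset(dst, 0, (size_t) (src - dst));

    return 0;
}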
/*
 * Function: krb5_ldap_parse_principal_name
 *
 * Purpose: Inserts a backslash ('\\') before every occurrence of '@'
 *          in the principal name component.
 *
 * Arguments:
 *      i_princ_name (input) Principal name without '\\'
 *      o_princ_name (output) Principal name with '\\'
 *
 * Note: The caller has to free the memory allocated for o_princ_name.
 */
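krb5_error_code
krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
{
    /*
     * Builds a newly allocated copy of i_princ_name in which every '@' that
     * precedes the last '@' (the realm separator) is prefixed with a
     * backslash.  A name without any '@' is duplicated unchanged.
     *
     * On success returns 0 and stores the copy in *o_princ_name; the caller
     * frees it.  Returns EINVAL for a NULL argument and ENOMEM when
     * allocation fails; *o_princ_name is NULL on every failure path where
     * o_princ_name itself is valid.
     *
     * Fixes relative to the previous revision:
     *  - the strdup() result was tested through o_princ_name instead of
     *    *o_princ_name, so an allocation failure was reported as success;
     *  - lengths are size_t, not int, so strlen() results are not narrowed;
     *  - the component is scanned in place, dropping a scratch copy.
     *
     * NOTE(review): only '@' is escaped.  A backslash already present in
     * the name is copied as-is, so a name containing "\@" or ending in a
     * backslash does not round-trip through the matching unparse routine.
     * Confirm such names are rejected before they reach this point.
     */
    const char *realm_at, *p;
    char *escaped, *q;
    size_t name_len, realm_len, at_count = 0;

    if (i_princ_name == NULL || o_princ_name == NULL)
        return EINVAL;
    *o_princ_name = NULL;

    realm_at = strrchr(i_princ_name, '@');
    if (realm_at == NULL) {
        *o_princ_name = strdup(i_princ_name);
        return (*o_princ_name == NULL) ? ENOMEM : 0;
    }

    name_len = (size_t)(realm_at - i_princ_name);
    realm_len = strlen(realm_at);       /* includes the separator '@' */

    for (p = i_princ_name; p < realm_at; p++) {
        if (*p == '@')
            at_count++;
    }

    /* One extra byte per escaped '@', plus the terminator. */
    escaped = malloc(name_len + at_count + realm_len + 1);
    if (escaped == NULL)
        return ENOMEM;

    q = escaped;
    for (p = i_princ_name; p < realm_at; p++) {
        if (*p == '@')
            *q++ = '\\';
        *q++ = *p;
    }

    /* Append "@REALM" with its terminator; the size was computed above. */
    memcpy(q, realm_at, realm_len + 1);

    *o_princ_name = escaped;
    return 0;
}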