54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf#pragma ident "%Z%%M% %I% %E% SMI"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Copyright (c) 2004-2005, Novell, Inc.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * All rights reserved.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * Redistribution and use in source and binary forms, with or without
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * modification, are permitted provided that the following conditions are met:
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * * Redistributions of source code must retain the above copyright notice,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * this list of conditions and the following disclaimer.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * * Redistributions in binary form must reproduce the above copyright
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * notice, this list of conditions and the following disclaimer in the
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * documentation and/or other materials provided with the distribution.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * * The copyright holder's name is not used to endorse or promote products
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * derived from this software without specific prior written permission.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * POSSIBILITY OF SUCH DAMAGE.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfstatic char *realmcontclass[] = {"krbRealmContainer", NULL};
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * create the service object from Directory
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf int i=0, j=0;
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* validate the input parameter */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("Service DN NULL"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* identify the class that the object should belong to. This depends on the servicetype */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("'krbhostserver' argument invalid"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* check for the validity of the values */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("Server has no 'krbrealmreferences'"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* ldap add operation */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * If the service created has realm/s associated with it, then the realm should be updated
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * to have a reference to the service object just created.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf snprintf (errbuf, sizeof(errbuf), gettext("Error adding 'krbRealmReferences' to %s: "),
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* delete service object, status ignored intentionally */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * modify the service object from Directory
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf char **values=NULL, *attr[] = { "krbRealmReferences", NULL};
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* validate the input parameter */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("Service DN is NULL"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("'krbhostserver' value invalid"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* check for the validity of the values */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* get the attribute of the realm to be set */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* read the existing list of krbRealmreferences. this will needed */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("'krbRealmReferences' value invalid"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* ldap modify operation */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=ldap_modify_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * If the service modified had realm/s associations changed, then the realm should be
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * updated to reflect the changes.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* get the count of the new list of krbrealmreferences */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* make a new copy of the krbrealmreferences */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* find the deletions/additions to the list of krbrealmreferences */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* see if some of the attributes have to be deleted */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* update the dn represented by the attribute that is to be deleted */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i=0; oldrealmrefs[i]; ++i)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf prepend_err_str (context, gettext("Error deleting realm attribute:"), st, st);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* see if some of the attributes have to be added */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i=0; newrealmrefs[i]; ++i)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf prepend_err_str (context, gettext("Error updating realm attribute: "), st, st);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i=0; oldrealmrefs[i]; ++i)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i=0; newrealmrefs[i]; ++i)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (st != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* NOTE: This should be removed now as the backlinks are going off in OpenLDAP */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* time to delete krbrealmreferences. This is only for OpenLDAP */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * This function lists service objects from Directory
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_list_services(context, containerdn, services)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf return (krb5_ldap_list(context, services, "krbService", containerdn));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * This function reads the service object from Directory
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillfkrb5_ldap_read_service(context, servicedn, service, omask)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf char *attributes[] = {"krbHostServer", "krbServiceflags",
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* validate the input parameter */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_set_error_message (context, st, gettext("Service DN NULL"));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* the policydn object should be of the krbService object class */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = checkattributevalue(ld, servicedn, "objectClass", attrvalues, &objectmask);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf CHECK_CLASS_VALIDITY(st, objectmask, "service object value: ");
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* Initialize service structure */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf lservice =(krb5_ldap_service_params *) calloc(1, sizeof(krb5_ldap_service_params));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf /* allocate tl_data structure to store MASK information */
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf lservice->tl_data = calloc (1, sizeof(*lservice->tl_data));
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf LDAP_SEARCH(servicedn, LDAP_SCOPE_BASE, "(objectclass=krbService)", attributes);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf for (i=0; values[i]; ++i) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if (st != 0) {
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf * This function frees the krb5_ldap_service_params structure members.
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0)
54925bf60766fbb4f1f2d7c843721406a7b7a3fbwillf st = ldap_modify_ext_s(ld, service, mods, NULL, NULL);