ldap_services.c revision 54925bf60766fbb4f1f2d7c843721406a7b7a3fb
#pragma ident "%Z%%M% %I% %E% SMI"
 * Copyright (c) 2004-2005, Novell, Inc.
 * All rights reserved.
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * * The copyright holder's name is not used to endorse or promote products
 * derived from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
static char *realmcontclass[] = {"krbRealmContainer", NULL};
 * create the service object from Directory
krb5_ldap_create_service(context, service, mask)
 int i=0, j=0;
 char **rdns=NULL, *realmattr=NULL, *strval[3]={NULL};
 krb5_ldap_server_handle *ldap_server_handle=NULL;
 /* validate the input parameter */
 if (service == NULL || service->servicedn == NULL) {
 krb5_set_error_message (context, st, gettext("Service DN NULL"));
 /* identify the class that the object should belong to. This depends on the servicetype */
 if (service->servicetype == LDAP_KDC_SERVICE) {
 } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
 } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
 rdns = ldap_explode_dn(service->servicedn, 1);
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
 if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
 krb5_set_error_message (context, st, gettext("'krbhostserver' argument invalid"));
 unsigned int realmmask=0;
 /* check for the validity of the values */
 for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
 st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
 CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
 krb5_set_error_message (context, st, gettext("Server has no 'krbrealmreferences'"));
 /* ldap add operation */
 if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
 * If the service created has realm/s associated with it, then the realm should be updated
 * to have a reference to the service object just created.
 for (i=0; service->krbrealmreferences[i]; ++i) {
 if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
 snprintf (errbuf, sizeof(errbuf), gettext("Error adding 'krbRealmReferences' to %s: "),
 /* delete service object, status ignored intentionally */
 ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
 krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 * modify the service object from Directory
krb5_ldap_modify_service(context, service, mask)
 int i=0, j=0, count=0;
 char **values=NULL, *attr[] = { "krbRealmReferences", NULL};
 char **oldrealmrefs=NULL, **newrealmrefs=NULL;
 krb5_ldap_server_handle *ldap_server_handle=NULL;
 /* validate the input parameter */
 if (service == NULL || service->servicedn == NULL) {
 krb5_set_error_message (context, st, gettext("Service DN is NULL"));
 if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
 krb5_set_error_message (context, st, gettext("'krbhostserver' value invalid"));
 unsigned int realmmask=0;
 /* check for the validity of the values */
 for (j=0; service->krbrealmreferences[j]; ++j) {
 st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
 CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
 if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
goto cleanup;
attr,
NULL,
NULL,
NULL,
goto cleanup;
if (ent) {
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
if (oldrealmrefs) {
for (i=0; oldrealmrefs[i]; ++i)
goto cleanup;
for (i=0; newrealmrefs[i]; ++i)
goto cleanup;
if (oldrealmrefs) {
for (i=0; oldrealmrefs[i]; ++i)
if (newrealmrefs) {
for (i=0; newrealmrefs[i]; ++i)
return st;
char *servicedn;
GET_HANDLE();
if (st != 0) {
#ifndef HAVE_EDIRECTORY
if (service) {
return st;
char *containerdn;
char ***services;
char *servicedn;
int *omask;
goto cleanup;
GET_HANDLE();
*omask = 0;
goto cleanup;
goto cleanup;
goto cleanup;
goto cleanup;
for (i=0; values[i]; ++i) {
if (st != 0) {
return st;
char *service;
char *passwd;
GET_HANDLE();
goto cleanup;
if (st) {
return st;