kdb_ldap.c revision 2
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
*/
/*
*
* Copyright (c) 2004-2005, Novell, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* * The copyright holder's name is not used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "autoconf.h"
#if HAVE_UNISTD_H
#include <unistd.h>
#endif
#include <ctype.h>
#include "kdb_ldap.h"
#include "ldap_misc.h"
#include <kdb5.h>
/* Solaris Kerberos */
#include <libintl.h>
#include "ldap_main.h"
#if defined(NEED_ISBLANK_PROTO) && !defined(isblank)
extern int isblank();
#endif
/*
 * NOTE(review): the signature and most statements of this routine are
 * missing from this listing; only its error paths and final return survive.
 *
 * What the visible lines show: *opt and *val are each tested for NULL and
 * the routine returns ENOMEM when the test fails (presumably right after an
 * allocation that is not shown). It returns 0 otherwise.
 *
 * TODO confirm against the full file: whether *opt is released when the
 * later *val check fails cannot be determined from the visible lines.
 */
{
return ENOMEM;
}
} else {
if (!*opt) {
return ENOMEM;
}
/* ignore trailing blanks */
--len;
pos += 1;
/* Only a non-empty remainder after pos leads to the *val check. */
if (*pos != '\0') {
if (!*val) {
return ENOMEM;
}
}
}
return (0);
}
/*
 * ldap get age
 *
 * NOTE(review): the function name and parameter list are missing from this
 * listing. The surviving K&R-style declaration shows a `char *db_name`
 * parameter, and the only visible statement is `return 0`.
 */
char *db_name;
{
return 0;
}
/*
 * Read startup information: the kerberos container and the realm container.
 *
 * NOTE(review): the signature, several calls and the `cleanup` label are
 * missing from this listing, so only the control flow below can be described.
 * Returns retval, which starts at 0.
 */
{
krb5_error_code retval = 0;
int mask = 0;
goto cleanup;
}
/*
 * Read the parameters of context->default_realm into ldap_context->lrparams.
 * Any non-zero result leaves through cleanup. mask is filled in by the call;
 * presumably one bit is set per attribute that was read (see tests below).
 */
if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
goto cleanup;
}
/*
 * Tail of a condition whose first lines are missing; the visible term is
 * true when LDAP_REALM_KRBTICKETFLAGS is absent from mask.
 */
|| ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
/*
 * A non-zero retval is not propagated from here: it is reset to 0 before
 * jumping to cleanup. The call that set it is not visible (presumably a
 * fallback lookup) -- TODO confirm. The empty if-bodies here and further
 * down had contents that are missing from this listing.
 */
if (retval) {
if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
}
if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
}
if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
}
retval = 0;
goto cleanup;
}
/* Same three per-attribute tests on the path where retval is 0. */
if ((mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
}
if ((mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
}
if ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
}
}
return retval;
}
/*
 * Interrogate the root DSE (zero length DN) for an attribute
 * value assertion.
 *
 * NOTE(review): the function name and its leading parameters are missing
 * from this listing; the last parameter is `char *value`. Most calls in the
 * body are missing as well, so only the visible control flow is annotated.
 */
static int
char *value)
{
/*
 * Solaris Kerberos: don't use SSL since we are checking to see if SASL
 * External mech is supported.
 *
 * NOTE(review): if the probe is indeed sent without SSL as stated here, the
 * root DSE answer is not integrity-protected in transit. Treat the result
 * as a capability hint only; it should not replace the server
 * authentication done by the later certificate-based bind.
 */
if (retval != LDAP_SUCCESS) {
goto cleanup;
}
/* Solaris Kerberos: anon bind not needed */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
/* Anonymous bind */
if (retval != LDAP_SUCCESS) {
goto cleanup;
}
#endif /**************** END IFDEF'ed OUT *******************************/
if (retval != LDAP_SUCCESS) {
goto cleanup;
}
#if 0 /************** Begin IFDEF'ed OUT *******************************/
#else
/* Solaris Kerberos: more accurate */
#endif /**************** END IFDEF'ed OUT *******************************/
goto cleanup;
}
goto cleanup;
}
/* flag records a match; the comparison that leads here is not visible. */
flag = 1;
break;
}
}
/* Without a match the routine leaves through cleanup (label not visible). */
if (flag != 1) {
goto cleanup;
}
return ret;
}
/* Messages for the two non-zero outcomes of the SASL EXTERNAL check below. */
#define ERR_MSG1 "Unable to check if SASL EXTERNAL mechanism is supported by LDAP server. Proceeding anyway ..."
#define ERR_MSG2 "SASL EXTERNAL mechanism not supported by LDAP server. Can't perform certificate-based bind."
/*
 * Check whether an LDAP server supports the SASL EXTERNAL mechanism.
 *
 * Return values:
 *   0 => supports
 *   1 => does not support
 *   2 => don't know
 *
 * NOTE(review): the function name, its parameters and the start of the call
 * that assigns ret are missing from this listing; the visible trailing
 * arguments are "supportedSASLMechanisms" and "EXTERNAL". The case bodies
 * are missing too; presumably they report ERR_MSG2 and ERR_MSG1.
 *
 * ERR_MSG1's wording ("Proceeding anyway") indicates that the don't-know
 * outcome is meant to be non-fatal. A caller that requires certificate-based
 * bind should therefore treat only 0 as confirmation of support.
 */
int
{
int ret;
"supportedSASLMechanisms", "EXTERNAL");
switch (ret) {
case 1: /* not supported */
break;
case 2: /* don't know */
break;
default:
break;
}
/* ret is returned unchanged whichever case was taken. */
return ret;
}
/*
 * NOTE(review): the function name and the start of the call are missing from
 * this listing. Visible: a K&R-style `char *ldap_server` parameter and a
 * query for the "supportedFeatures" value 1.3.6.1.1.14, which is the OID of
 * the LDAP Modify-Increment extension (RFC 4525).
 */
int
char *ldap_server;
{
"supportedFeatures", "1.3.6.1.1.14");
}
void *
{
}
void
{
}
/*
 * NOTE(review): only the last parameter (`int mode`) of this routine's
 * signature is visible, and many statements between the surviving lines are
 * missing (argument parsing, status assignments, the clean_n_exit label).
 * The comments below describe the visible lines only. Returns status.
 */
int mode)
{
krb5_error_code status = 0;
int srv_cnt = 0;
/* Clear the global error string */
/* The allocation that produced ldap_context is not visible. */
if (ldap_context == NULL) {
goto clean_n_exit;
}
goto clean_n_exit;
}
/*
 * bind_dn, max_server_conns and bind_pwd are each tested for an existing
 * value before the (missing) code that would set them; presumably a repeated
 * argument is rejected -- TODO confirm.
 */
if (ldap_context->bind_dn) {
goto clean_n_exit;
}
goto clean_n_exit;
}
goto clean_n_exit;
}
if (ldap_context->max_server_conns) {
goto clean_n_exit;
}
goto clean_n_exit;
}
/*
 * NOTE(review): bind_pwd holds the directory bind credential. Where it is
 * released is not visible here; confirm that the free path clears the buffer
 * before freeing it.
 */
if (ldap_context->bind_pwd) {
goto clean_n_exit;
}
goto clean_n_exit;
}
goto clean_n_exit;
}
goto clean_n_exit;
}
/*
 * SERV_COUNT+1 pointer slots, zero-filled by calloc.
 * NOTE(review): the allocation-failure test and any bound on srv_cnt are
 * missing from this listing; confirm that srv_cnt (incremented below) cannot
 * index past the allocated slots.
 */
ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
goto clean_n_exit;
}
/* One zero-filled server entry stored at the current index. */
ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
goto clean_n_exit;
}
goto clean_n_exit;
}
srv_cnt++;
#ifdef HAVE_EDIRECTORY
goto clean_n_exit;
}
goto clean_n_exit;
}
} else {
char *newstr;
goto clean_n_exit;
}
}
#endif
} else {
/* ignore hash argument. Might have been passed from create */
/*
 * temporary is passed in when kdb5_util load without -update is done.
 * This is unsupported by the LDAP plugin.
 */
gettext("open of LDAP directory aborted, plugin requires -update argument"));
} else {
}
goto clean_n_exit;
}
t_ptr++;
}
/* Solaris Kerberos */
/*
 * The local pointer is dropped here. Per the comment near the end of this
 * routine, the context is by then reachable through dal_handle->db_context
 * and is released via krb5_ldap_free_ldap_context().
 */
ldap_context = NULL;
if (status) {
goto clean_n_exit;
}
/* Solaris Kerberos */
goto clean_n_exit;
}
goto clean_n_exit;
}
/* Cleanup here may not be required, since db_fini might do it for us; to be checked. */
if (status) {
/*
 * Solaris Kerberos
 * This code path can be called before
 * dal_handle->db_context == ldap_context in which case ldap_context
 * should be freed. After dal_handle->db_context == ldap_context
 * ldap_context will be set to NULL and the memory cleaned up by
 * krb5_ldap_free_ldap_context() (via the context argument).
 */
/* NOTE(review): the statement guarded by this test is missing from this listing. */
if (ldap_context)
}
return status;
}
#include "ldap_err.h"
int
{
return translated_st;
}
void
{
const char *omsg;
/* Solaris Kerberos: Memleak */
}
extern krb5int_access accessor;
/*
 * Module initialization hook; kldap_ensure_initialized() hands it to
 * CALL_INIT_FUNCTION.
 *
 * NOTE(review): declared to return int, but no return statement is visible
 * in this listing; the body appears to have been lost in extraction.
 */
int
kldap_init_fn(void)
{
/* Global (per-module) initialization. */
}
/*
 * Run the module initializer kldap_init_fn through CALL_INIT_FUNCTION and
 * hand the result back to the caller unchanged.
 *
 * CALL_INIT_FUNCTION is defined outside this file; presumably it makes sure
 * the initializer runs only once -- confirm against its definition.
 */
int
kldap_ensure_initialized(void)
{
    int init_status = CALL_INIT_FUNCTION (kldap_init_fn);

    return init_status;
}