2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ 2N/A * Copyright (c) 2004-2005, Novell, Inc. 2N/A * All rights reserved. 2N/A * Redistribution and use in source and binary forms, with or without 2N/A * modification, are permitted provided that the following conditions are met: 2N/A * * Redistributions of source code must retain the above copyright notice, 2N/A * this list of conditions and the following disclaimer. 2N/A * * Redistributions in binary form must reproduce the above copyright 2N/A * notice, this list of conditions and the following disclaimer in the 2N/A * documentation and/or other materials provided with the distribution. 2N/A * * The copyright holder's name is not used to endorse or promote products 2N/A * derived from this software without specific prior written permission. 2N/A * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 2N/A * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2N/A * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2N/A * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 2N/A * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 2N/A * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 2N/A * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 2N/A * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 2N/A * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 2N/A * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 2N/A * POSSIBILITY OF SUCH DAMAGE. 2N/A * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. 2N/A "krbMaxTicketLife",
"krbMaxRenewableAge",
2N/A "krbTicketFlags",
"krbUpEnabled",
2N/A "krbTicketPolicyReference",
2N/A "krbKdcServers",
"krbAdmServers",
2N/A "krbMaxRenewableAge",
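/*
 * NULL-terminated table of directory object-class names.
 *
 * NOTE(review): going by the identifier, this is presumably the set of
 * object classes accepted for a realm subtree entry. The code that
 * consumes the table is not visible in this listing, so confirm against
 * the caller before relying on that.
 *
 * The trailing NULL is the only end marker; a consumer has to stop there,
 * and any new entry must be added above it.  The elements point at string
 * literals through a non-const `char *`, so they must be treated as
 * read-only: writing through them is undefined behavior.
 */
char *subtreeclass[] = {
    "Organization",
    "OrganizationalUnit",
    "Domain",
    "krbContainer",
    "krbRealmContainer",
    "Country",
    "Locality",
    NULL
};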
2N/A * list realms from eDirectory 2N/A * Function to remove all special characters from a string (rfc2254). 2N/A * Use whenever exact matching is to be done ... 2N/A /* ptr[count - 1] = '\0'; */ 2N/A /* Cross realm trust ... */ 2N/A * Lists the realms in the Directory. 2N/A /* get the kerberos container DN information */ 2N/A /* get ldap handle */ 2N/A "(objectclass=krbRealmContainer)",
2N/A }
/* for (ent= ... */ 2N/A /* some error, free up all the memory */ 2N/A /* If there are no elements, still return a NULL terminated array */ 2N/A * Delete the realm along with the principals belonging to the realm in the Directory. 2N/A /* get ldap handle */ 2N/A /* delete all the principals belonging to the realm in the tree */ 2N/A /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */ 2N/A /* NOTE: Here all the principals should be cached and the ldap handle should be freed, 2N/A * as a DAL-LDAP interface is called right down here. Caching might be constrained by 2N/A * availability of the memory. The caching is not done, however there would be limit 2N/A * on the minimum number of handles for a server and it is 2. As the DAL-LDAP is not 2N/A * thread-safe this should suffice. 2N/A /* Delete all password policies */ 2N/A /* Delete all ticket policies */ 2N/A /* Delete the realm object */ 2N/A /* Solaris Kerberos */ 2N/A * Modify the realm attributes in the Directory. 2N/A /* Solaris kerberos: oldmask isn't used */ 2N/A /* int oldmask=0, objectmask=0,k=0; */ 2N/A /* Check validity of arguments */ 2N/A /* get ldap handle */ 2N/A /* Solaris kerberos: oldmask isn't used */ 2N/A#
if 0
/************** Begin IFDEF'ed OUT *******************************/ 2N/A /* get the oldmask obtained from the krb5_ldap_read_realm_params */ 2N/A#
endif /**************** END IFDEF'ed OUT *******************************/ 2N/A /* SUBTREE ATTRIBUTE */ 2N/A /*replace the subtrees with the present if the subtrees are present*/ 2N/A /* CONTAINERREF ATTRIBUTE */ 2N/A /* SEARCHSCOPE ATTRIBUTE */ 2N/A /* krbMaxTicketLife ATTRIBUTE */ 2N/A /* krbTicketFlags ATTRIBUTE */ 2N/A /* KDCSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A /* ADMINSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A /* PASSWDSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A * Read the old values of the krbkdcservers, krbadmservers and 2N/A * krbpwdservers. This information is later used to decided the 2N/A char *
servers[] = {
"krbKdcServers",
"krbAdmServers",
"krbPwdServers",
NULL};
2N/A /* Realm modify operation */ 2N/A * to the 4 servers' list. 2N/A /* find the deletions and additions to the server list */ 2N/A /* delete the krbRealmReferences attribute from the servers that are dis-associated. */ 2N/A /* add the krbRealmReferences attribute from the servers that are associated. */ 2N/A /* find the deletions and additions to the server list */ 2N/A /* delete the krbRealmReferences attribute from the servers that are dis-associated. */ 2N/A /* add the krbRealmReferences attribute from the servers that are associated. */ 2N/A /* find the deletions and additions to the server list */ 2N/A /* delete the krbRealmReferences attribute from the servers that are dis-associated. */ 2N/A /* add the krbRealmReferences attribute from the servers that are associated. */ 2N/A * Create the Kerberos container in the Directory 2N/A /* get ldap handle */ 2N/A /* If the user has not given, use the default cn=Kerberos,cn=Security */ 2N/A /* check if the policy reference value exists and is of krbticketpolicyreference object class */ 2N/A /* create the kerberos container */ 2N/A /* free the mods array */ 2N/A /* check whether the security container is bound to krbcontainerrefaux object class */ 2N/A /* delete Kerberos Container, status ignored intentionally */ 2N/A /* Security Container is extended with krbcontainerrefaux object class */ 2N/A /* update the security container with krbContainerReference attribute */ 2N/A /* delete Kerberos Container, status ignored intentionally */ 2N/A * Delete the Kerberos container in the Directory 2N/A /* get ldap handle */ 2N/A /* If the user has not given, use the default cn=Kerberos,cn=Security */ 2N/A /* delete the kerberos container */ 2N/A * Create Realm in eDirectory. This is used by kdb5_util 2N/A /* Check input validity ... 
*/ 2N/A /* get ldap handle */ 2N/A /* SUBTREE ATTRIBUTE */ 2N/A /* CONTAINER REFERENCE ATTRIBUTE */ 2N/A /* SEARCHSCOPE ATTRIBUTE */ 2N/A /* krbMaxTicketLife ATTRIBUTE */ 2N/A /* krbTicketFlags ATTRIBUTE */ 2N/A /* KDCSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A /* ADMINSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A /* PASSWDSERVERS ATTRIBUTE */ 2N/A /* validate the server list */ 2N/A /* realm creation operation */ 2N/A /* delete Realm, status ignored intentionally */ 2N/A /* delete Realm, status ignored intentionally */ 2N/A /* delete Realm, status ignored intentionally */ 2N/A * Read the realm container configuration from eDirectory for the specified realm. 2N/A /* validate the input parameter */ 2N/A /* read kerberos container, if not read already */ 2N/A /* get ldap handle */ 2N/A /* Initialize realm container structure */ 2N/A /* allocate tl_data structure to store MASK information */ 2N/A /* set the mask parameter to 0 */ 2N/A /* set default values */ 2N/A /* populate the realm name in the structure */ 2N/A /* This could happen when the DN used to bind and read the realm object 2N/A * does not have sufficient rights to read its attributes 2N/A /* Read the attributes */ 2N/A /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */ 2N/A * If all of maxtktlife, maxrenewlife and ticketflags are not directly 2N/A * available, use the policy dn from the policy reference attribute, if 2N/A * available, to fetch the missing. 2N/A /* if there is an error, free allocated structures */ 2N/A Free the krb5_ldap_realm_params. 2N/A * ****************************************************************************** 2N/A * ******************************************************************************