ldap/libkdb_ldap/ldap_services.c

2N/A/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2N/A/*
2N/A * lib/kdb/kdb_ldap/ldap_services.c
2N/A *
2N/A * Copyright (c) 2004-2005, Novell, Inc.
2N/A * All rights reserved.
2N/A *
2N/A * Redistribution and use in source and binary forms, with or without
2N/A * modification, are permitted provided that the following conditions are met:
2N/A *
2N/A *   * Redistributions of source code must retain the above copyright notice,
2N/A *       this list of conditions and the following disclaimer.
2N/A *   * Redistributions in binary form must reproduce the above copyright
2N/A *       notice, this list of conditions and the following disclaimer in the
2N/A *       documentation and/or other materials provided with the distribution.
2N/A *   * The copyright holder's name is not used to endorse or promote products
2N/A *       derived from this software without specific prior written permission.
2N/A *
2N/A * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
2N/A * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2N/A * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2N/A * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
2N/A * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2N/A * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2N/A * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2N/A * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2N/A * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2N/A * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2N/A * POSSIBILITY OF SUCH DAMAGE.
2N/A */
2N/A
2N/A#include "ldap_main.h"
2N/A#include "kdb_ldap.h"
2N/A#include "ldap_services.h"
2N/A#include "ldap_err.h"
2N/A#include <libintl.h> /* Solaris Kerberos */
2N/A
2N/A#if defined(HAVE_EDIRECTORY)
2N/A
2N/Astatic char *realmcontclass[] = {"krbRealmContainer", NULL};
2N/A
2N/A/*
2N/A * create the service object from Directory
2N/A */
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_create_service(krb5_context context,
2N/A                         krb5_ldap_service_params *service, int mask)
2N/A{
2N/A    int                         i=0, j=0;
2N/A    krb5_error_code             st=0;
2N/A    LDAP                        *ld=NULL;
2N/A    char                        **rdns=NULL, *realmattr=NULL, *strval[3]={NULL};
2N/A    LDAPMod                     **mods=NULL;
2N/A    kdb5_dal_handle             *dal_handle=NULL;
2N/A    krb5_ldap_context           *ldap_context=NULL;
2N/A    krb5_ldap_server_handle     *ldap_server_handle=NULL;
2N/A    char                        errbuf[1024];
2N/A
2N/A    /* validate the input parameter */
2N/A    if (service == NULL || service->servicedn == NULL) {
2N/A        st = EINVAL;
2N/A        krb5_set_error_message (context, st, gettext("Service DN NULL"));
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    SETUP_CONTEXT();
2N/A    GET_HANDLE();
2N/A
2N/A    /* identify the class that the object should belong to. This depends on the servicetype */
2N/A    memset(strval, 0, sizeof(strval));
2N/A    strval[0] = "krbService";
2N/A    if (service->servicetype == LDAP_KDC_SERVICE) {
2N/A        strval[1] = "krbKdcService";
2N/A        realmattr = "krbKdcServers";
2N/A    } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
2N/A        strval[1] = "krbAdmService";
2N/A        realmattr = "krbAdmServers";
2N/A    } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
2N/A        strval[1] = "krbPwdService";
2N/A        realmattr = "krbPwdServers";
2N/A    } else {
2N/A        strval[1] = "krbKdcService";
2N/A        realmattr = "krbKdcServers";
2N/A    }
2N/A    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
2N/A        goto cleanup;
2N/A
2N/A    rdns = ldap_explode_dn(service->servicedn, 1);
2N/A    if (rdns == NULL) {
2N/A        st = LDAP_INVALID_DN_SYNTAX;
2N/A        goto cleanup;
2N/A    }
2N/A    memset(strval, 0, sizeof(strval));
2N/A    strval[0] = rdns[0];
2N/A    if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
2N/A        goto cleanup;
2N/A
2N/A    if (mask & LDAP_SERVICE_SERVICEFLAG) {
2N/A        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
2N/A                                          service->krbserviceflags)) != 0)
2N/A            goto cleanup;
2N/A    }
2N/A
2N/A    if (mask & LDAP_SERVICE_HOSTSERVER) {
2N/A        if (service->krbhostservers != NULL) {
2N/A            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
2N/A                                              service->krbhostservers)) != 0)
2N/A                goto cleanup;
2N/A        } else {
2N/A            st = EINVAL;
2N/A            krb5_set_error_message (context, st, gettext("'krbhostserver' argument invalid"));
2N/A            goto cleanup;
2N/A        }
2N/A    }
2N/A
2N/A    if (mask & LDAP_SERVICE_REALMREFERENCE) {
2N/A        if (service->krbrealmreferences != NULL) {
2N/A            unsigned int realmmask=0;
2N/A
2N/A            /* check for the validity of the values */
2N/A            for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
2N/A                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
2N/A                                         realmcontclass, &realmmask);
2N/A                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
2N/A            }
2N/A            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
2N/A                                              service->krbrealmreferences)) != 0)
2N/A                goto cleanup;
2N/A        } else {
2N/A            st = EINVAL;
2N/A            krb5_set_error_message (context, st, gettext("Server has no 'krbrealmreferences'"));
2N/A            goto cleanup;
2N/A        }
2N/A    }
2N/A
2N/A    /* ldap add operation */
2N/A    if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
2N/A        st = set_ldap_error (context, st, OP_ADD);
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    /*
2N/A     * If the service created has realm/s associated with it, then the realm should be updated
2N/A     * to have a reference to the service object just created.
2N/A     */
2N/A    if (mask & LDAP_SERVICE_REALMREFERENCE) {
2N/A        for (i=0; service->krbrealmreferences[i]; ++i) {
2N/A            if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
2N/A                                    service->servicedn)) != 0) {
2N/A                snprintf (errbuf, sizeof(errbuf),
2N/A                          "Error adding 'krbRealmReferences' to %s: ",
2N/A                          service->krbrealmreferences[i]);
2N/A                prepend_err_str (context, errbuf, st, st);
2N/A                /* delete service object, status ignored intentionally */
2N/A                ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
2N/A                goto cleanup;
2N/A            }
2N/A        }
2N/A    }
2N/A
2N/Acleanup:
2N/A
2N/A    if (rdns)
2N/A        ldap_value_free (rdns);
2N/A
2N/A    ldap_mods_free(mods, 1);
2N/A    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
2N/A    return st;
2N/A}
2N/A
2N/A
2N/A/*
2N/A * modify the service object from Directory
2N/A */
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_modify_service(krb5_context context,
2N/A                         krb5_ldap_service_params *service, int mask)
2N/A{
2N/A    int                         i=0, j=0, count=0;
2N/A    krb5_error_code             st=0;
2N/A    LDAP                        *ld=NULL;
2N/A    char                        **values=NULL, *attr[] = { "krbRealmReferences", NULL};
2N/A    char                        *realmattr=NULL;
2N/A    char                        **oldrealmrefs=NULL, **newrealmrefs=NULL;
2N/A    LDAPMod                     **mods=NULL;
2N/A    LDAPMessage                 *result=NULL, *ent=NULL;
2N/A    kdb5_dal_handle             *dal_handle=NULL;
2N/A    krb5_ldap_context           *ldap_context=NULL;
2N/A    krb5_ldap_server_handle     *ldap_server_handle=NULL;
2N/A
2N/A    /* validate the input parameter */
2N/A    if (service == NULL || service->servicedn == NULL) {
2N/A        st = EINVAL;
2N/A        krb5_set_error_message (context, st, gettext("Service DN is NULL"));
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    SETUP_CONTEXT();
2N/A    GET_HANDLE();
2N/A
2N/A    if (mask & LDAP_SERVICE_SERVICEFLAG) {
2N/A        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
2N/A                                          service->krbserviceflags)) != 0)
2N/A            goto cleanup;
2N/A    }
2N/A
2N/A    if (mask & LDAP_SERVICE_HOSTSERVER) {
2N/A        if (service->krbhostservers != NULL) {
2N/A            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
2N/A                                              service->krbhostservers)) != 0)
2N/A                goto cleanup;
2N/A        } else {
2N/A            st = EINVAL;
2N/A            krb5_set_error_message (context, st, gettext("'krbhostserver' value invalid"));
2N/A            goto cleanup;
2N/A        }
2N/A    }
2N/A
2N/A    if (mask & LDAP_SERVICE_REALMREFERENCE) {
2N/A        if (service->krbrealmreferences != NULL) {
2N/A            unsigned int realmmask=0;
2N/A
2N/A            /* check for the validity of the values */
2N/A            for (j=0; service->krbrealmreferences[j]; ++j) {
2N/A                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
2N/A                                         realmcontclass, &realmmask);
2N/A                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
2N/A            }
2N/A            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
2N/A                                              service->krbrealmreferences)) != 0)
2N/A                goto cleanup;
2N/A
2N/A
2N/A            /* get the attribute of the realm to be set */
2N/A            if (service->servicetype == LDAP_KDC_SERVICE)
2N/A                realmattr = "krbKdcServers";
2N/A            else if (service->servicetype == LDAP_ADMIN_SERVICE)
2N/A                realmattr = "krbAdmservers";
2N/A            else if (service->servicetype == LDAP_PASSWD_SERVICE)
2N/A                realmattr = "krbPwdServers";
2N/A            else
2N/A                realmattr = "krbKdcServers";
2N/A
2N/A            /* read the existing list of krbRealmreferences. this will needed  */
2N/A            if ((st = ldap_search_ext_s (ld,
2N/A                                         service->servicedn,
2N/A                                         LDAP_SCOPE_BASE,
2N/A                                         0,
2N/A                                         attr,
2N/A                                         0,
2N/A                                         NULL,
2N/A                                         NULL,
2N/A                                         NULL,
2N/A                                         0,
2N/A                                         &result)) != LDAP_SUCCESS) {
2N/A                st = set_ldap_error (context, st, OP_SEARCH);
2N/A                goto cleanup;
2N/A            }
2N/A
2N/A            ent = ldap_first_entry(ld, result);
2N/A            if (ent) {
2N/A                if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
2N/A                    count = ldap_count_values(values);
2N/A                    if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
2N/A                        goto cleanup;
2N/A                    ldap_value_free(values);
2N/A                }
2N/A            }
2N/A            ldap_msgfree(result);
2N/A        } else {
2N/A            st = EINVAL;
2N/A            krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
2N/A            goto cleanup;
2N/A        }
2N/A    }
2N/A
2N/A    /* ldap modify operation */
2N/A    if ((st=ldap_modify_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
2N/A        st = set_ldap_error (context, st, OP_MOD);
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    /*
2N/A     * If the service modified had realm/s associations changed, then the realm should be
2N/A     * updated to reflect the changes.
2N/A     */
2N/A
2N/A    if (mask & LDAP_SERVICE_REALMREFERENCE) {
2N/A        /* get the count of the new list of krbrealmreferences */
2N/A        for (i=0; service->krbrealmreferences[i]; ++i)
2N/A            ;
2N/A
2N/A        /* make a new copy of the krbrealmreferences */
2N/A        if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
2N/A            goto cleanup;
2N/A
2N/A        /* find the deletions/additions to the list of krbrealmreferences */
2N/A        if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
2N/A            goto cleanup;
2N/A
2N/A        /* see if some of the attributes have to be deleted */
2N/A        if (oldrealmrefs) {
2N/A
2N/A            /* update the dn represented by the attribute that is to be deleted */
2N/A            for (i=0; oldrealmrefs[i]; ++i)
2N/A                if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
2N/A                    prepend_err_str (context, gettext("Error deleting realm attribute:"), st, st);
2N/A                    goto cleanup;
2N/A                }
2N/A        }
2N/A
2N/A        /* see if some of the attributes have to be added */
2N/A        for (i=0; newrealmrefs[i]; ++i)
2N/A            if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
2N/A                prepend_err_str (context, gettext("Error updating realm attribute: "), st, st);
2N/A                goto cleanup;
2N/A            }
2N/A    }
2N/A
2N/Acleanup:
2N/A
2N/A    if (oldrealmrefs) {
2N/A        for (i=0; oldrealmrefs[i]; ++i)
2N/A            free (oldrealmrefs[i]);
2N/A        free (oldrealmrefs);
2N/A    }
2N/A
2N/A    if (newrealmrefs) {
2N/A        for (i=0; newrealmrefs[i]; ++i)
2N/A            free (newrealmrefs[i]);
2N/A        free (newrealmrefs);
2N/A    }
2N/A
2N/A    ldap_mods_free(mods, 1);
2N/A    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
2N/A    return st;
2N/A}
2N/A
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_delete_service(krb5_context context,
2N/A                         krb5_ldap_service_params *service, char *servicedn)
2N/A{
2N/A    krb5_error_code             st = 0;
2N/A    LDAP                        *ld=NULL;
2N/A    kdb5_dal_handle             *dal_handle=NULL;
2N/A    krb5_ldap_context           *ldap_context=NULL;
2N/A    krb5_ldap_server_handle     *ldap_server_handle=NULL;
2N/A
2N/A    SETUP_CONTEXT();
2N/A    GET_HANDLE();
2N/A
2N/A    st = ldap_delete_ext_s(ld, servicedn, NULL, NULL);
2N/A    if (st != 0) {
2N/A        st = set_ldap_error (context, st, OP_DEL);
2N/A    }
2N/A
2N/A    /* NOTE: This should be removed now as the backlinks are going off in OpenLDAP */
2N/A    /* time to delete krbrealmreferences. This is only for OpenLDAP */
2N/A#ifndef HAVE_EDIRECTORY
2N/A    {
2N/A        int                         i=0;
2N/A        char                        *attr=NULL;
2N/A
2N/A        if (service) {
2N/A            if (service->krbrealmreferences) {
2N/A                if (service->servicetype == LDAP_KDC_SERVICE)
2N/A                    attr = "krbkdcservers";
2N/A                else if (service->servicetype == LDAP_ADMIN_SERVICE)
2N/A                    attr = "krbadmservers";
2N/A                else if (service->servicetype == LDAP_PASSWD_SERVICE)
2N/A                    attr = "krbpwdservers";
2N/A
2N/A                for (i=0; service->krbrealmreferences[i]; ++i) {
2N/A                    deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
2N/A                }
2N/A            }
2N/A        }
2N/A    }
2N/A#endif
2N/A
2N/Acleanup:
2N/A
2N/A    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
2N/A    return st;
2N/A}
2N/A
2N/A
2N/A/*
2N/A * This function lists service objects from Directory
2N/A */
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_list_services(krb5_context context, char *containerdn,
2N/A                        char ***services)
2N/A{
2N/A    return (krb5_ldap_list(context, services, "krbService", containerdn));
2N/A}
2N/A
2N/A/*
2N/A * This function reads the service object from Directory
2N/A */
2N/Akrb5_error_code
2N/Akrb5_ldap_read_service(krb5_context context, char *servicedn,
2N/A                       krb5_ldap_service_params **service, int *omask)
2N/A{
2N/A    char                        **values=NULL;
2N/A    int                         i=0, count=0, objectmask=0;
2N/A    krb5_error_code             st=0, tempst=0;
2N/A    LDAPMessage                 *result=NULL,*ent=NULL;
2N/A    char                        *attributes[] = {"krbHostServer", "krbServiceflags",
2N/A                                                 "krbRealmReferences", "objectclass", NULL};
2N/A    char                        *attrvalues[] = {"krbService", NULL};
2N/A    krb5_ldap_service_params    *lservice=NULL;
2N/A    krb5_ldap_context           *ldap_context=NULL;
2N/A    kdb5_dal_handle             *dal_handle=NULL;
2N/A    krb5_ldap_server_handle     *ldap_server_handle=NULL;
2N/A    LDAP                        *ld = NULL;
2N/A
2N/A    /* validate the input parameter */
2N/A    if (servicedn == NULL) {
2N/A        st = EINVAL;
2N/A        krb5_set_error_message (context, st, "Service DN NULL");
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    SETUP_CONTEXT();
2N/A    GET_HANDLE();
2N/A
2N/A    *omask = 0;
2N/A
2N/A    /* the policydn object should be of the krbService object class */
2N/A    st = checkattributevalue(ld, servicedn, "objectClass", attrvalues, &objectmask);
2N/A    CHECK_CLASS_VALIDITY(st, objectmask, "service object value: ");
2N/A
2N/A    /* Initialize service structure */
2N/A    lservice =(krb5_ldap_service_params *) calloc(1, sizeof(krb5_ldap_service_params));
2N/A    if (lservice == NULL) {
2N/A        st = ENOMEM;
2N/A        goto cleanup;
2N/A    }
2N/A
2N/A    /* allocate tl_data structure to store MASK information */
2N/A    lservice->tl_data = calloc (1, sizeof(*lservice->tl_data));
2N/A    if (lservice->tl_data == NULL) {
2N/A        st = ENOMEM;
2N/A        goto cleanup;
2N/A    }
2N/A    lservice->tl_data->tl_data_type = KDB_TL_USER_INFO;
2N/A
2N/A    LDAP_SEARCH(servicedn, LDAP_SCOPE_BASE, "(objectclass=krbService)", attributes);
2N/A
2N/A    lservice->servicedn = strdup(servicedn);
2N/A    CHECK_NULL(lservice->servicedn);
2N/A
2N/A    ent=ldap_first_entry(ld, result);
2N/A    if (ent != NULL) {
2N/A
2N/A        if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
2N/A            lservice->krbserviceflags = atoi(values[0]);
2N/A            *omask |= LDAP_SERVICE_SERVICEFLAG;
2N/A            ldap_value_free(values);
2N/A        }
2N/A
2N/A        if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
2N/A            count = ldap_count_values(values);
2N/A            if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
2N/A                goto cleanup;
2N/A            *omask |= LDAP_SERVICE_HOSTSERVER;
2N/A            ldap_value_free(values);
2N/A        }
2N/A
2N/A        if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
2N/A            count = ldap_count_values(values);
2N/A            if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
2N/A                goto cleanup;
2N/A            *omask |= LDAP_SERVICE_REALMREFERENCE;
2N/A            ldap_value_free(values);
2N/A        }
2N/A
2N/A        if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
2N/A            for (i=0; values[i]; ++i) {
2N/A                if (strcasecmp(values[i], "krbKdcService") == 0) {
2N/A                    lservice->servicetype = LDAP_KDC_SERVICE;
2N/A                    break;
2N/A                }
2N/A
2N/A                if (strcasecmp(values[i], "krbAdmService") == 0) {
2N/A                    lservice->servicetype = LDAP_ADMIN_SERVICE;
2N/A                    break;
2N/A                }
2N/A
2N/A                if (strcasecmp(values[i], "krbPwdService") == 0) {
2N/A                    lservice->servicetype = LDAP_PASSWD_SERVICE;
2N/A                    break;
2N/A                }
2N/A            }
2N/A            ldap_value_free(values);
2N/A        }
2N/A    }
2N/A    ldap_msgfree(result);
2N/A
2N/Acleanup:
2N/A    if (st != 0) {
2N/A        krb5_ldap_free_service(context, lservice);
2N/A        *service = NULL;
2N/A    } else {
2N/A        store_tl_data(lservice->tl_data, KDB_TL_MASK, omask);
2N/A        *service = lservice;
2N/A    }
2N/A
2N/A    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
2N/A    return st;
2N/A}
2N/A
2N/A/*
2N/A * This function frees the krb5_ldap_service_params structure members.
2N/A */
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_free_service(krb5_context context, krb5_ldap_service_params *service)
2N/A{
2N/A    int                         i=0;
2N/A
2N/A    if (service == NULL)
2N/A        return 0;
2N/A
2N/A    if (service->servicedn)
2N/A        free (service->servicedn);
2N/A
2N/A    if (service->krbrealmreferences) {
2N/A        for (i=0; service->krbrealmreferences[i]; ++i)
2N/A            free (service->krbrealmreferences[i]);
2N/A        free (service->krbrealmreferences);
2N/A    }
2N/A
2N/A    if (service->krbhostservers) {
2N/A        for (i=0; service->krbhostservers[i]; ++i)
2N/A            free (service->krbhostservers[i]);
2N/A        free (service->krbhostservers);
2N/A    }
2N/A
2N/A    if (service->tl_data) {
2N/A        if (service->tl_data->tl_data_contents)
2N/A            free (service->tl_data->tl_data_contents);
2N/A        free (service->tl_data);
2N/A    }
2N/A
2N/A    free (service);
2N/A    return 0;
2N/A}
2N/A
2N/Akrb5_error_code
2N/Akrb5_ldap_set_service_passwd(krb5_context context, char *service, char *passwd)
2N/A{
2N/A    krb5_error_code             st=0;
2N/A    LDAPMod                     **mods=NULL;
2N/A    char                        *password[2] = {NULL};
2N/A    LDAP                        *ld=NULL;
2N/A    krb5_ldap_context           *ldap_context=NULL;
2N/A    kdb5_dal_handle             *dal_handle=NULL;
2N/A    krb5_ldap_server_handle     *ldap_server_handle=NULL;
2N/A
2N/A    password[0] = passwd;
2N/A
2N/A    SETUP_CONTEXT();
2N/A    GET_HANDLE();
2N/A
2N/A    if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0)
2N/A        goto cleanup;
2N/A
2N/A    st = ldap_modify_ext_s(ld, service, mods, NULL, NULL);
2N/A    if (st) {
2N/A        st = set_ldap_error (context, st, OP_MOD);
2N/A    }
2N/A
2N/Acleanup:
2N/A    ldap_mods_free(mods, 1);
2N/A    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
2N/A    return st;
2N/A}
2N/A#endif