/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/*
 * Copyright (c) 2004-2005, Novell, Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *   * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *   * The copyright holder's name is not used to endorse or promote products
 *       derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/* Ticket policy object management */

/*
 * create the Ticket policy object in Directory.
 */

    /* validate the input parameters */

    /* ldap add operation */

/*
 * modify the Ticket policy object in Directory.
 */
    /* validate the input parameters */

    /* the policydn object should be of the krbTicketPolicy object class */

    if ((objectmask & 0x02) == 0) {
        /* add krbticketpolicyaux to the object class list */

/*
 * Read the policy object from the Directory and populate the krb5_ldap_policy_params
 */

    /* Solaris kerberos: unsigned better for mask */

    char *attributes[] = { "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", NULL };
    /* validate the input parameters */

    /* the policydn object should be of the krbTicketPolicy object class */

    /* Initialize ticket policy structure */

/*
 * Function to delete ticket policy object from the directory. Before
 * calling this function krb5_ldap_read_policy should be called to
 * check the existence of the object. This serves one major purpose,
 * i.e., if the object to be deleted is anything other than the ticket
 * policy object then krb5_ldap_read_policy returns an error and thus
 * the object is not accidentally deleted in this function.
 *
 * NOTE: Other kerberos objects (user/realm object) might have
 * references to the policy object to be deleted. This situation is
 * not handled here; instead it is taken care of at all the places where
 * the deleted policy object is read, to ignore a return status of
 * LDAP_NO_SUCH_OBJECT and continue.
 */

    /* Checking for policy count for 0 and will not permit delete if
     * it is greater than 0. */

/*
 * list policy objects from Directory
 */

/*
 * Function to free the ticket policy object structure.
 * Note: this function assumes that memory of the policy structure is
 * dynamically allocated and hence the whole structure is freed up.
 * Care should be taken not to call this function on a static structure.
 */

/*
 * This function is a general object listing routine. It is currently
 * used for ticket policy object listing.
 */

    /* check if the containerdn exists */

    /* set the filter for the search operation */

    /* some error, free up all the memory */