prepend_err_str (context, "Error reading LDAP server params: ", status, status);
goto cleanup;
}
- if (status = krb5_ldap_db_init(context, ldap_context)) {
+ status = krb5_ldap_db_init(context, ldap_context);
+ if (status) {
goto cleanup;
}
extern char *strptime (const char *, const char *, struct tm *);
#endif
+/* Linux (GNU Libc) provides a length-limited variant of strdup.
+ But all the world's not Linux. */
+#undef strndup
+#define strndup my_strndup
+static char *my_strndup (const char *input, size_t limit)
+{
+ size_t len = strlen(input);
+ char *result;
+ if (len > limit) {
+ result = malloc(1 + limit);
+ if (result != NULL) {
+ memcpy(result, input, limit);
+ result[limit] = 0;
+ }
+ return result;
+ } else
+ return strdup(input);
+}
+
/* Get integer or string values from the config section, falling back
to the default section, then to hard-coded values. */
static errcode_t
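Review bot: `my_strndup` calls `strlen(input)` before it looks at `limit`, so it scans to the first NUL regardless of the bound. A caller that passes a buffer only guaranteed to hold `limit` bytes, which is the usual reason to use strndup, gets a read past the end of that buffer. A bounded scan with `memchr(input, 0, limit)` keeps the read inside the first `limit` bytes and removes the need for the separate `strdup` branch, as sketched below. Separately, the `#undef`/`#define` pair replaces the libc `strndup` even on platforms that provide one; a configure-time check would limit the fallback to where it is needed.

```c
static char *my_strndup (const char *input, size_t limit)
{
    /* Bounded scan: never read beyond the first `limit` bytes. */
    const char *nul = memchr(input, 0, limit);
    size_t len = (nul != NULL) ? (size_t)(nul - input) : limit;
    char *result = malloc(len + 1);

    if (result != NULL) {
        memcpy(result, input, len);
        result[len] = 0;
    }
    return result;
}
```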
}
(*server_info)[ele]->server_status = NOTSET;
} else {
- char *server=NULL, *item=NULL;
+ char *item=NULL;
item = strtok_r(tempval,delims,&save_ptr);
while (item != NULL && ele<SERV_COUNT) {
unsigned int *ntree;
{
int st=0, i=0, subtreecount=0;
- int j=0, ncount=0, search_scope=0;
+ int ncount=0, search_scope=0;
char **subtree=NULL, *realm_cont_dn=NULL;
char **subtarr=NULL;
char *containerref=NULL;
int *intptr=NULL;
long *longptr=NULL;
char *DN=NULL, **DNarr=NULL;
- krb5_boolean keyfound=FALSE;
- KEY *secretkey = NULL;
krb5_error_code st=-1;
*data = NULL;
/* the same should be done with the objectclass attributes */
{
char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
-// char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};
+/* char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL}; */
int p, q, r=0, amask=0;
if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
}
}
- // Set tl_data
+ /* Set tl_data */
{
int i;
struct berval **ber_tl_data = NULL;
char *user=NULL, *subtree=NULL, *principal_dn=NULL;
char **values=NULL, *strval[10]={NULL}, errbuf[1024];
struct berval **bersecretkey=NULL;
- LDAPMod **mods=NULL, **mod_for_link=NULL;
- krb5_boolean dnfound=TRUE, tktpolicy_set=FALSE, create_standalone_prinicipal=FALSE;
+ LDAPMod **mods=NULL;
+ krb5_boolean tktpolicy_set=FALSE, create_standalone_prinicipal=FALSE;
krb5_boolean krb_identity_exists=FALSE, establish_links=FALSE;
- krb5_boolean extend_object_with_princrefaux=FALSE;
char *standalone_principal_dn=NULL;
krb5_tl_data *tl_data=NULL;
krb5_key_data **keys=NULL;
* hack if the entries->mask has KRB_PRINCIPAL flag set
* then it is a add operation
*/
- if (entries->mask & KDB_PRINCIPAL == 1)
+ if (entries->mask & KDB_PRINCIPAL)
optype = ADD_PRINCIPAL;
else
optype = MODIFY_PRINCIPAL;
}
if (entries->mask & KDB_KEY_DATA || entries->mask & KDB_KVNO) {
- int kcount=0, zero=0, salttype=0, totalkeys=0;
- char *currpos=NULL, *krbsecretkey=NULL;
-
bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
entries->n_key_data);
} /* Modify Key data ends here */
- // Set tl_data
+ /* Set tl_data */
if (entries->tl_data != NULL) {
int count = 0;
struct berval **ber_tl_data = NULL;
|| ptr->tl_data_type == KRB5_TL_KADM_DATA
|| ptr->tl_data_type == KDB_TL_USER_INFO)
continue;
- count ++;
+ count++;
}
if (count != 0) {
- int i;
+ int j;
ber_tl_data = (struct berval **) calloc (count, sizeof (struct
berval*));
- for (i = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+ for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
/* Ignore tl_data that are stored in separate directory
* attributes */
if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
|| ptr->tl_data_type == KRB5_TL_KADM_DATA
|| ptr->tl_data_type == KDB_TL_USER_INFO)
continue;
- if ((st = tl_data2berval (ptr, &ber_tl_data[i])) != 0)
+ if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
break;
- i++;
+ j++;
}
if (st != 0) {
- for (i = 0; ber_tl_data[i] != NULL; i++) {
- free (ber_tl_data[i]->bv_val);
- free (ber_tl_data[i]);
+ for (j = 0; ber_tl_data[j] != NULL; j++) {
+ free (ber_tl_data[j]->bv_val);
+ free (ber_tl_data[j]);
}
free (ber_tl_data);
goto cleanup;
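Review bot: The result of `calloc (count, ...)` is used by the loop that follows without a NULL check, so an allocation failure makes `tl_data2berval (ptr, &ber_tl_data[j])` write through a null-based pointer. Add `if (ber_tl_data == NULL) { st = ENOMEM; goto cleanup; }` right after the allocation. The error path's `for (j = 0; ber_tl_data[j] != NULL; j++)` also relies on a NULL slot following the filled entries, which an array of exactly `count` elements provides only if the failing call left its slot NULL (not visible here). Allocating `count + 1` entries would make the terminator explicit. The enclosing block continues past the end of this hunk.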
/* Directory specific attribute */
if (xargs.tktpolicydn != NULL) {
- int tmask=0, tkttree = 0, subtreednlen = 0, ntre = 0, tktdnlen = 0;
-
- char **subtreednlist=NULL;
- krb5_boolean dnoutofsubtree=TRUE;
+ int tmask=0;
if (strlen(xargs.tktpolicydn) != 0) {
st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
&mkvno);
if (st != 0) {
- char *msg = error_message(st);
+ const char *msg = error_message(st);
st = -1; /* Something more appropriate ? */
krb5_set_error_message (context, st,
"unable to decode stored principal key data (%s)", msg);
* Delete the realm along with the principals belonging to the realm in the Directory.
*/
+static void
+delete_password_policy (krb5_pointer ptr, osa_policy_ent_t pol)
+{
+ krb5_ldap_delete_password_policy ((krb5_context)ptr, pol->name);
+}
+
krb5_error_code
krb5_ldap_delete_realm (context, lrealm)
krb5_context context;
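Review bot: `delete_password_policy` discards the result of `krb5_ldap_delete_password_policy`, and the call site in the next hunk discards the result of `krb5_ldap_iterate_password_policy`. As a result `krb5_ldap_delete_realm` can apparently report success while password policy objects remain in the directory. Because the callback returns void, one way to surface this is to pass a small struct holding the context and a first-error field as the `ptr` argument, then check it and the iterator's return value after the call. At minimum, document the contract on the callback, e.g. `/* Iterator callback; ptr is the krb5_context. Deletion errors are ignored. */`. The body of `krb5_ldap_delete_realm` lies outside this hunk.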
}
/* Delete all password policies */
- {
- char *attr[] = {NULL}, filter[256];
-
- void delete_password_policy (krb5_pointer ptr, osa_policy_ent_t pol) {
- krb5_ldap_delete_password_policy (context, pol->name);
- }
-
- krb5_ldap_iterate_password_policy (context, "*", delete_password_policy, NULL);
- }
+ krb5_ldap_iterate_password_policy (context, "*", delete_password_policy, context);
/* Delete all ticket policies */
{
int mask;
{
LDAP *ld=NULL;
- krb5_error_code st=0, retval=0;
+ krb5_error_code st=0;
char **strval=NULL, *strvalprc[5]={NULL};
#ifdef HAVE_EDIRECTORY
char **values=NULL;
char errbuf[1024];
#endif
LDAPMod **mods = NULL;
- int i=0, oldmask=0, objectmask=0,k=0,part_of_subtree=0;
+ int i=0, oldmask=0, objectmask=0,k=0;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
char *strval[4]={NULL};
char *contref[2]={NULL};
LDAPMod **mods = NULL;
- int i=0, objectmask=0, subtreecount=0,k=0, part_of_subtree=0;
+ int i=0, objectmask=0, subtreecount=0;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
- int valcount=0, x=0;
+ int x=0;
SETUP_CONTEXT ();
return ret;
}
+#if 0 /* not currently used */
static asn1_error_code
decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *val)
{
last:
return ret;
}
+#endif
static asn1_error_code
decode_tagged_octetstring (asn1buf *buf, int expectedtag, int *len,
{
int buflen;
asn1buf kbuf;
+ long lval;
+ int ival;
+
if (t.tagnum != 1)
cleanup (ASN1_MISSING_FIELD);
buflen = length;
ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr;
- ret = decode_tagged_integer (&kbuf, 0, (int *)&key->key_data_type[0]);
+ ret = decode_tagged_integer (&kbuf, 0, &lval);
checkerr;
+ key->key_data_type[0] = lval; /* XXX range check? */
- ret = decode_tagged_octetstring (&kbuf, 1,
- (int *)&key->key_data_length[0],
+ ret = decode_tagged_octetstring (&kbuf, 1, &ival,
&key->key_data_contents[0]); checkerr;
+ key->key_data_length[0] = ival;
safe_syncbuf (&subbuf, &kbuf);
}
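Review bot: The stores `key->key_data_type[0] = lval;` and `key->key_data_length[0] = ival;` narrow decoded values without validation; the commit marks the first with `XXX range check?` and leaves the second unmarked. These integers come from the encoded key data being parsed. A length that is negative or too large for the destination field would leave `key_data_length[0]` disagreeing with the buffer returned in `key_data_contents[0]`, which later consumers are likely to trust. Reject values that do not survive the conversion, e.g. `if (ival < 0 || key->key_data_length[0] != ival) cleanup (ASN1_BAD_FORMAT);` directly after the assignment, with the analogous comparison for `lval`. The same unchecked narrowing applies to `maj`, `min`, `kvno` and `*mkvno` in the following hunk; the enclosing function starts above this hunk.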
unsigned int length;
taginfo t;
int kvno, maj, min;
+ long lval;
*n_key_data = 0;
*out = NULL;
ret = asn1buf_imbed(&subbuf, &buf, length, seqindef); checkerr;
/* attribute-major-vno */
- ret = decode_tagged_integer (&subbuf, 0, &maj); checkerr;
+ ret = decode_tagged_integer (&subbuf, 0, &lval); checkerr;
+ maj = lval; /* XXX range check? */
/* attribute-minor-vno */
- ret = decode_tagged_integer (&subbuf, 1, &min); checkerr;
+ ret = decode_tagged_integer (&subbuf, 1, &lval); checkerr;
+ min = lval; /* XXX range check? */
if (maj != 1 || min != 1)
cleanup (ASN1_BAD_FORMAT);
/* kvno (assuming all keys in array have same version) */
- ret = decode_tagged_integer (&subbuf, 2, &kvno); checkerr;
+ ret = decode_tagged_integer (&subbuf, 2, &lval); checkerr;
+ kvno = lval; /* XXX range check? */
/* mkvno (optional) */
- ret = decode_tagged_integer (&subbuf, 3, mkvno); checkerr;
+ ret = decode_tagged_integer (&subbuf, 3, &lval); checkerr;
+ *mkvno = lval; /* XXX range check? */
ret = asn1_get_tag_2(&subbuf, &t); checkerr;