Patch from Will Fiveash for "kdb5_util create" support in LDAP, modified to
authorKen Raeburn <raeburn@mit.edu>
Mon, 25 Sep 2006 21:17:42 +0000 (21:17 +0000)
committerKen Raeburn <raeburn@mit.edu>
Mon, 25 Sep 2006 21:17:42 +0000 (21:17 +0000)
drop separate port-number spec so it'll build with current sources.  Not
tested because of a bug in the recent Novell patch. :-(

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616 dc483132-0cff-0310-8789-dd5450dbe970

16 files changed:
src/kadmin/dbutil/kdb5_create.c
src/kadmin/dbutil/kdb5_util.c
src/plugins/kdb/ldap/ldap_exp.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c [new file with mode: 0644]
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports

index 46bccce4304ac221ba9469b182a793d65c3fa9ee..da192256ea612e5eb62bd2b93ab5787dada6c175 100644 (file)
@@ -425,6 +425,10 @@ add_principal(context, princ, op, pblock)
        break;
     }
 
+    entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |
+       KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA |
+       KADM5_PRINC_EXPIRE_TIME);
+
     retval = krb5_db_put_principal(context, &entry, &nentries);
 
 error_out:;
index 00c87a225636864053df51cb1ec4ce33e104a10b..e60e9929c6936efe1db668882d5dc95ad04d953d 100644 (file)
@@ -229,11 +229,9 @@ int main(argc, argv)
            }
 
        } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) {
-          db5util_db_args_size++;
           if (!add_db_arg(koptarg)) {
-              fprintf(stderr,"%s: Cannot initialize. Not enough memory\n",
-                      argv[0]);
-              exit(1);
+               com_err(progname, ENOMEM, "while parsing command arguments\n");
+               exit(1);
           }
 
        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
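Review bot: The format string passed to `com_err` on the added line ends in `\n`, but com_err's default handler already terminates the message itself, so this prints an extra blank line; `com_err(progname, ENOMEM, "while parsing command arguments");` is enough. The call also hard-codes ENOMEM for any `add_db_arg` failure, which is only right if allocation is its sole failure mode; add_db_arg is not shown on this page. The two added lines are indented one column deeper than the rest of the block. main continues outside the hunk.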
index d0eec64d8022a9c4f60ae7351c1bcd9203e1d620..eaeef2a8c4a144eff58c47cdff4736ed7b907984 100644 (file)
@@ -52,7 +52,7 @@ kdb_vftabl kdb_function_table = {
   /* fini_library */                          krb5_ldap_lib_cleanup,
   /* init_module */                           krb5_ldap_open,
   /* fini_module */                           krb5_ldap_close,
-  /* db_create */                             krb5_ldap_create_realm_1,
+  /* db_create */                             krb5_ldap_create,
   /* db_destroy */                            krb5_ldap_delete_realm_1,
   /* db_get_age */                             krb5_ldap_db_get_age,
   /* db_set_option */                         krb5_ldap_set_option,
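Review bot: `krb5_ldap_create` is referenced here from the function table, but the libkdb_ldap.exports change in this commit only removes `krb5_ldap_create_realm_1` and adds no entry for the new function. If that file controls which symbols the shared library exposes (its name and the other table functions listed in it suggest so; the build rules are not on this page), the db_create slot would no longer resolve at link or load time. Adding a `krb5_ldap_create` line to libkdb_ldap.exports next to `krb5_ldap_delete_realm_1` would keep the two in step. The table initialiser starts and ends outside the hunk.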
index ea98647da9fbc0ad9aa67c52e762ba1bd7684b16..1f658b423b1dd4869564ad7eec3952b9add8a067 100644 (file)
@@ -87,6 +87,7 @@
 #include "kdb5_ldap_util.h"
 #include "kdb5_ldap_list.h"
 #include <ldap_principal.h>
+#include <ldap_krbcontainer.h>
 extern time_t get_date(char *); /* kadmin/cli/getdate.o */
 
 char *yes = "yes\n"; /* \n to compare against result of fgets */
index 59b684beb28c39f4f964f23ba0de8fef1c908ed7..9a2972a5ad1e80e2900bf6b1f68c2310c081aceb 100644 (file)
@@ -29,8 +29,6 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-#define MAX_KRB_CONTAINER_LEN  256
-
 #define BUFF_LEN               64      /* Max len of enctype string */
 #define MAX_PRINC_SIZE                 256
 
index b7d0175a5b1afa752151cd03c0127602b0c263f7..ca5b7851f286dc7377df65b04c2a938b7c146b5b 100644 (file)
@@ -38,6 +38,7 @@ SHLIB_RDIRS=$(KRB5_LIBDIR)
 SRCS=  $(srcdir)/kdb_ldap.c \
        $(srcdir)/kdb_ldap_conn.c \
        $(srcdir)/ldap_realm.c \
+       $(srcdir)/ldap_create.c \
        $(srcdir)/ldap_krbcontainer.c \
        $(srcdir)/ldap_principal.c \
        $(srcdir)/ldap_principal2.c \
@@ -58,6 +59,7 @@ STOBJLISTS=OBJS.ST
 STLIBOBJS= kdb_ldap.o \
        kdb_ldap_conn.o \
        ldap_realm.o \
+       ldap_create.o \
        ldap_krbcontainer.o \
        ldap_principal.o \
        ldap_principal2.o \
index cfefa097eb62001e1fff1c3a3458092b43f4cb55..cd4c1f070ca0f6a2519e64a1291b11de9e325a20 100644 (file)
@@ -38,7 +38,7 @@
 #include "ldap_misc.h"
 #include <kdb5.h>
 
-static krb5_error_code
+krb5_error_code
 krb5_ldap_get_db_opt(char *input, char **opt, char **val)
 {
     char *pos = strchr(input, '=');
@@ -394,6 +394,8 @@ krb5_error_code krb5_ldap_open(krb5_context context,
     dal_handle->db_context = ldap_context;
     status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
     if (status) {
+       if (ldap_context)
+           krb5_ldap_free_ldap_context(ldap_context);
        ldap_context = NULL;
        dal_handle->db_context = NULL;
        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
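Review bot: The `if (ldap_context)` guard on the added lines repeats the NULL check that `krb5_ldap_free_ldap_context` performs itself (see kdb_ldap_conn.c in this commit), so the call can be written unconditionally as `krb5_ldap_free_ldap_context(ldap_context);`. krb5_ldap_open starts and ends outside the hunk, so its other error exits could not be checked for the same cleanup.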
index 37e0fa77619a154fa98ecd0d8408477040fd0a71..f9f965c46b1ba687eac1e7af3400afdff18abaa6 100644 (file)
@@ -255,13 +255,15 @@ krb5_ldap_alloc( krb5_context kcontext,  void *ptr, size_t size );
 
 void 
 krb5_ldap_free( krb5_context kcontext, void *ptr );
-                                                                                                                             
 krb5_error_code
 krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
 
 krb5_error_code
 krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
 
+krb5_error_code
+krb5_ldap_create(krb5_context , char *, char **);
+
 krb5_error_code 
 krb5_ldap_open( krb5_context , char *,
                char **db_args,
@@ -269,6 +271,9 @@ krb5_ldap_open( krb5_context , char *,
 krb5_error_code 
 krb5_ldap_close( krb5_context );
 
+krb5_error_code
+krb5_ldap_free_ldap_context(krb5_ldap_context *);
+
 krb5_error_code
 krb5_ldap_read_startup_information(krb5_context );
 
@@ -280,6 +285,7 @@ krb5_get_policydn(krb5_context, krb5_db_entry *, char **);
 
 /* DAL functions */
 
+
 krb5_error_code
 krb5_ldap_set_option( krb5_context, int, void * );
 
index b5d11761fefb1a93b8f752f8247777e386a951dc..343705efc2f576a1c8e1120bd850ed2f93633704 100644 (file)
@@ -314,7 +314,22 @@ krb5_error_code krb5_ldap_lib_cleanup()
     return 0;
 }
 
+krb5_error_code
+krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context)
+{
+    if (ldap_context == NULL)
+       return 0;
+
+    krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+    ldap_context->krbcontainer = NULL;
+
+    krb5_ldap_free_realm_params(ldap_context->lrparams);
+    ldap_context->lrparams = NULL;
+
+    krb5_ldap_free_server_params(ldap_context);
 
+    return 0;
+}
 
 krb5_error_code
 krb5_ldap_close(krb5_context context)
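Review bot: `krb5_ldap_free_ldap_context` has no comment stating what it releases, and this hunk does not show whether the `krb5_ldap_context` structure itself, or the `bind_dn`/`bind_pwd` strings that ldap_create.c stores in it, are freed. That depends on `krb5_ldap_free_server_params`, which is not shown. Since the context can hold the LDAP bind password, it is worth confirming that the password buffer is cleared before it is released. A header comment along the lines of `/* Release everything owned by ldap_context; the pointer must not be used afterwards. */`, adjusted to what the helper really does, would make the ownership contract explicit for both callers. The function also always returns 0, so its return value carries no information.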
@@ -331,16 +346,7 @@ krb5_ldap_close(krb5_context context)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     dal_handle->db_context = NULL;
 
-    if (ldap_context == NULL)
-       return 0;
-
-    krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-    ldap_context->krbcontainer = NULL;
-
-    krb5_ldap_free_realm_params(ldap_context->lrparams);
-    ldap_context->lrparams = NULL;
-
-    krb5_ldap_free_server_params(ldap_context);
+    krb5_ldap_free_ldap_context(ldap_context);
 
     return 0;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
new file mode 100644 (file)
index 0000000..989dea7
--- /dev/null
@@ -0,0 +1,381 @@
+/*
+ * lib/kdb/kdb_ldap/ldap_create.c
+ *
+ * Copyright (c) 2004-2005, Novell, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *   * The copyright holder's name is not used to endorse or promote products
+ *       derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "ldap_main.h"
+#include "ldap_realm.h"
+#include "ldap_principal.h"
+#include "ldap_krbcontainer.h"
+#include "ldap_err.h"
+
+/* 
+ * ******************************************************************************
+ * DAL functions
+ * ******************************************************************************
+ */
+
+/*
+ * This function will create a krbcontainer and realm on the LDAP Server, with
+ * the specified attributes.
+ */
+krb5_error_code
+krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
+{
+    krb5_error_code status = 0;
+    char  **t_ptr = db_args;
+    krb5_ldap_realm_params *rparams = NULL;
+    kdb5_dal_handle *dal_handle = NULL;
+    krb5_ldap_context *ldap_context=NULL;
+    krb5_boolean realm_obj_created = FALSE;
+    krb5_boolean krbcontainer_obj_created = FALSE;
+    int srv_cnt = 0;
+    int mask = 0;
+#ifdef HAVE_EDIRECTORY
+    int i = 0, rightsmask = 0;
+#endif
+
+    /* Clear the global error string */
+    krb5_clear_error_message(context);
+
+    ldap_context = malloc(sizeof(krb5_ldap_context));
+    if (ldap_context == NULL) {
+       status = ENOMEM;
+       goto cleanup;
+    }
+    memset(ldap_context, 0, sizeof(*ldap_context));
+
+    ldap_context->kcontext = context;
+
+    /* populate ldap_context with ldap specific options */
+    while (t_ptr && *t_ptr) {
+       char *opt = NULL, *val = NULL;
+
+       if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
+           goto cleanup;
+       }
+       if (opt && !strcmp(opt, "binddn")) {
+           if (ldap_context->bind_dn) {
+               free (opt);
+               free (val);
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'binddn' missing");
+               goto cleanup;
+           }
+           if (val == NULL) {
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'binddn' value missing");
+               free(opt);
+               goto cleanup;
+           }
+           ldap_context->bind_dn = strdup(val);
+           if (ldap_context->bind_dn == NULL) {
+               free (opt);
+               free (val);
+               status = ENOMEM;
+               goto cleanup;
+           }
+       } else if (opt && !strcmp(opt, "nconns")) {
+           if (ldap_context->max_server_conns) {
+               free (opt);
+               free (val);
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'nconns' missing");
+               goto cleanup;
+           }
+           if (val == NULL) {
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'nconns' value missing");
+               free(opt);
+               goto cleanup;
+           }
+           ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
+       } else if (opt && !strcmp(opt, "bindpwd")) {
+           if (ldap_context->bind_pwd) {
+               free (opt);
+               free (val);
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'bindpwd' missing");
+               goto cleanup;
+           }
+           if (val == NULL) {
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'bindpwd' value missing");
+               free(opt);
+               goto cleanup;
+           }
+           ldap_context->bind_pwd = strdup(val);
+           if (ldap_context->bind_pwd == NULL) {
+               free (opt);
+               free (val);
+               status = ENOMEM;
+               goto cleanup;
+           }
+       } else if (opt && !strcmp(opt, "host")) {
+           if (val == NULL) {
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'host' value missing");
+               free(opt);
+               goto cleanup;
+           }
+           if (ldap_context->server_info_list == NULL)
+               ldap_context->server_info_list =
+                   (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *));
+
+           if (ldap_context->server_info_list == NULL) {
+               free (opt);
+               free (val);
+               status = ENOMEM;
+               goto cleanup;
+           }
+
+           ldap_context->server_info_list[srv_cnt] =
+               (krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info));
+           if (ldap_context->server_info_list[srv_cnt] == NULL) {
+               free (opt);
+               free (val);
+               status = ENOMEM;
+               goto cleanup;
+           }
+
+           ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
+
+           ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
+           if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
+               free (opt);
+               free (val);
+               status = ENOMEM;
+               goto cleanup;
+           }
+
+           srv_cnt++;
+       } else if (opt && !strcmp(opt, "cert")) {
+           if (val == NULL) {
+               status = EINVAL;
+               krb5_set_error_message (context, status, "'cert' value missing");
+               free(opt);
+               goto cleanup;
+           }
+
+           if (ldap_context->root_certificate_file == NULL) {
+               ldap_context->root_certificate_file = strdup(val);
+               if (ldap_context->root_certificate_file == NULL) {
+                   free (opt);
+                   free (val);
+                   status = ENOMEM;
+                   goto cleanup;
+               }
+           } else {
+               void *tmp=NULL;
+               char *oldstr = NULL;
+               unsigned int len=0;
+
+               oldstr = strdup(ldap_context->root_certificate_file);
+               if (oldstr == NULL) {
+                   free (opt);
+                   free (val);
+                   status = ENOMEM;
+                   goto cleanup;
+               }
+
+               tmp = ldap_context->root_certificate_file;
+               len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val);
+               ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file,
+                                                             len);
+               if (ldap_context->root_certificate_file == NULL) {
+                   free (tmp);
+                   free (opt);
+                   free (val);
+                   status = ENOMEM;
+                   goto cleanup;
+               }
+               memset(ldap_context->root_certificate_file, 0, len);
+               sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
+               free (oldstr);
+           }
+       }
+       /* ignore hash argument. Might have been passed from create */
+       else {
+           status = EINVAL;
+           krb5_set_error_message (context, status, "unknown option \'%s\'",
+                                   opt?opt:val);
+           free(opt);
+           free(val);
+           goto cleanup;
+       }
+
+       free(opt);
+       free(val);
+       t_ptr++;
+    }
+
+    dal_handle = (kdb5_dal_handle *) context->db_context;
+    dal_handle->db_context = (kdb5_dal_handle *) ldap_context;
+
+    status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
+    if (status) {
+       dal_handle->db_context = NULL;
+       prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+       goto cleanup;
+    }
+    if (status = krb5_ldap_db_init(context, ldap_context)) {
+       goto cleanup;
+    }
+
+    /* read the kerberos container */
+    if ((status = krb5_ldap_read_krbcontainer_params(context,
+                           &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+       krb5_ldap_krbcontainer_params kparams;
+
+       /* The kerberos container does not exist so try to create. */
+       memset(&kparams, 0, sizeof(kparams));
+
+       /* Read the kerberos container location from configuration file */
+       if (ldap_context->conf_section) {
+           if ((status = profile_get_string(context->profile,
+                                          KDB_MODULE_SECTION, ldap_context->conf_section,
+                                          "ldap_kerberos_container_dn", NULL,
+                                          &kparams.DN)) != 0) {
+               goto cleanup;
+           }
+       }
+       if (kparams.DN == NULL) {
+           if ((status = profile_get_string(context->profile,
+                                          KDB_MODULE_DEF_SECTION,
+                                          "ldap_kerberos_container_dn", NULL,
+                                          NULL, &kparams.DN)) != 0) {
+               goto cleanup;
+           }
+       }
+
+       /* create the kerberos container */
+       status = krb5_ldap_create_krbcontainer(context,
+                                              ((kparams.DN != NULL) ? &kparams : NULL));
+       if (status)
+           goto cleanup;
+
+       krbcontainer_obj_created = TRUE;
+
+       status = krb5_ldap_read_krbcontainer_params(context,
+                                                   &(ldap_context->krbcontainer));
+       if (status) {
+           krb5_set_error_message(context, status, "while reading kerberos container information");
+           goto cleanup;
+       }
+    } else if (status) {
+       krb5_set_error_message(context, status, "while reading kerberos container information");
+       goto cleanup;
+    }
+
+    rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
+    if (rparams == NULL) {
+       status = ENOMEM;
+       goto cleanup;
+    }
+    memset(rparams, 0, sizeof(*rparams));
+    rparams->realm_name = strdup(context->default_realm);
+    if (rparams->realm_name == NULL) {
+       status = ENOMEM;
+       goto cleanup;
+    }
+
+    if ((status = krb5_ldap_create_realm(context, rparams, mask))) {
+       krb5_set_error_message(context, status, "while creating realm object entry");
+       goto cleanup;
+    }
+
+    /* We just created the Realm container. Here starts our transaction tracking */
+    realm_obj_created = TRUE;
+
+    /* verify realm object */
+    if ((status = krb5_ldap_read_realm_params(context,
+                                             rparams->realm_name,
+                                             &(ldap_context->lrparams),
+                                             &mask))) {
+       krb5_set_error_message(context, status, "while reading realm object entry");
+       goto cleanup;
+    }
+
+#ifdef HAVE_EDIRECTORY
+    if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
+       (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+       rightsmask =0;
+       rightsmask |= LDAP_REALM_RIGHTS;
+       rightsmask |= LDAP_SUBTREE_RIGHTS;
+       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+               if ((status=krb5_ldap_add_service_rights(context,
+                                                        LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
+                   goto cleanup;
+               }
+           }
+       }
+
+       rightsmask = 0;
+       rightsmask |= LDAP_REALM_RIGHTS;
+       rightsmask |= LDAP_SUBTREE_RIGHTS;
+       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+           for (i=0; (rparams->adminservers[i] != NULL); i++) {
+               if ((status=krb5_ldap_add_service_rights(context,
+                                                        LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
+                   goto cleanup;
+               }
+           }
+       }
+
+       rightsmask = 0;
+       rightsmask |= LDAP_REALM_RIGHTS;
+       rightsmask |= LDAP_SUBTREE_RIGHTS;
+       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+               if ((status=krb5_ldap_add_service_rights(context,
+                                                        LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
+                   goto cleanup;
+               }
+           }
+       }
+    }
+#endif
+
+cleanup:
+#if 0 /************** Begin IFDEF'ed OUT *******************************/
+    /* If the krbcontainer/realm creation is not complete, do the roll-back here */
+    if ((krbcontainer_obj_created) && (!realm_obj_created))
+       /* XXX WAF this needs to be created !!! */
+       krb5_ldap_delete_krbcontainer(context);
+#endif /**************** END IFDEF'ed OUT *******************************/
+
+    if (rparams)
+       krb5_ldap_free_realm_params(rparams);
+
+    return(status);
+}
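Review bot: The "host" branch of the option loop writes `server_info_list[srv_cnt]` with no upper bound, although the list is allocated once with `SERV_COUNT+1` slots, so more `host=` db_args than that write past the allocation, and the NULL terminator slot is overwritten one entry earlier. A bound check before the per-server allocation, as sketched below, rejects the extra option instead. Separately, the `cleanup:` label frees only `rparams`, so every `goto cleanup` out of the option loop leaves `ldap_context` and its `bind_dn`/`bind_pwd` copies allocated; calling `krb5_ldap_free_ldap_context` on the failure path would address that, provided the helper releases those fields (not visible here). The duplicate-option branches also report `'binddn' missing`, `'nconns' missing` and `'bindpwd' missing` when the option was in fact supplied twice.

```c
       } else if (opt && !strcmp(opt, "host")) {
           /* ... unchanged: 'host' value missing check ... */
           if (srv_cnt >= SERV_COUNT) {
               status = EINVAL;
               krb5_set_error_message (context, status, "too many 'host' options");
               free (opt);
               free (val);
               goto cleanup;
           }
           /* ... unchanged: server_info_list allocation and server_name copy ... */
```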
index 4d1b4e4e53f1fda81ff37047a96e9ba5bc0c743e..7dfc2a55d8e6c413bf07f42b91e8c52348a558d1 100644 (file)
@@ -31,6 +31,8 @@
 #ifndef _LDAP_KRBCONTAINER_H_
 #define _LDAP_KRBCONTAINER_H_ 1
 
+#define MAX_KRB_CONTAINER_LEN  256
+
 /* kerberos container structure */
 
 typedef struct _krb5_ldap_krbcontainer_params {
index d69785304e0dfc9fb8072eed769e1d004a18e340..f0001623975a2af52fb761049372013af2ded38d 100644 (file)
@@ -461,6 +461,16 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
      * works in both case.
      */
     if (subtree == NULL || strcasecmp(subtree, "") == 0) {
+       /* 
+        * XXX WAF to see if I can get around ldapsearch issue with a null base
+        * which doesn't work in solaris.  This should probably be a Solaris
+        * specific #ifdef but I am not sure what define value to use.
+        */
+       if (realm_cont_dn != NULL) {
+           subtreearr[0] = strdup(realm_cont_dn);
+           if (subtreearr[0] == NULL)
+               return ENOMEM;
+       }
        *ntree = 1;
        return 0;
     }
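Review bot: When `realm_cont_dn` is NULL the added block stores nothing, yet the unchanged lines below it still set `*ntree = 1` and return 0, so a caller would read `subtreearr[0]` as whatever it held before; whether that slot is pre-initialised is not visible in this hunk. The workaround also runs on every platform although the XXX comment describes a Solaris-specific ldapsearch problem, so it appears to change the search base for all builds. Consider setting `subtreearr[0] = NULL` explicitly (or returning an error) in the NULL case, and state in the comment that the change is unconditional. krb5_get_subtree_info starts and ends outside the hunk.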
index d15b7c70f6f0c07ac9e9e0dd81353f0acf32d770..954e71ccccdd5a29245e56ffe9f983ea67f0f835 100644 (file)
@@ -122,4 +122,7 @@ krb5_add_int_mem_ldap_mod(LDAPMod  ***, char *, int , int);
 krb5_error_code
 krb5_ldap_free_mod_array(LDAPMod **);
 
+krb5_error_code
+krb5_ldap_get_db_opt(char *, char **, char **);
+
 #endif
index 724786b7b8c2139695183c0836f81e4a34628936..221b38c65ec13cb8add665d4ace48f00852f4918 100644 (file)
@@ -1643,15 +1643,11 @@ krb5_ldap_free_realm_params(rparams)
     return;
 }
 
-/* DAL functions */
-
-krb5_error_code
-krb5_ldap_create_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
-{
-    krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
-    return status;
-}
+/* 
+ * ******************************************************************************
+ * DAL functions
+ * ******************************************************************************
+ */
 
 krb5_error_code
 krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
index 21d7d877c6384ec0790afe4813ae51a6b4d57dbb..9ffd3e86ec79f79f300e75cfaaaf0e1fa5327a05 100644 (file)
@@ -95,9 +95,6 @@ krb5_ldap_read_realm_params(krb5_context , char *, krb5_ldap_realm_params **, in
 void
 krb5_ldap_free_realm_params(krb5_ldap_realm_params *);
 
-krb5_error_code
-krb5_ldap_create_realm_1(krb5_context, char *, char **);
-
 krb5_error_code
 krb5_ldap_delete_realm_1(krb5_context, char *, char **);
 
index 36659da92767ac708e280e0b826e54afb177f3e1..027fd74c79a775d61ac1703f758ca803ae5e177f 100644 (file)
@@ -39,7 +39,6 @@ krb5_ldap_free
 krb5_ldap_set_mkey
 krb5_ldap_get_mkey
 disjoint_members
-krb5_ldap_create_realm_1
 krb5_ldap_delete_realm_1
 krb5_ldap_set_option
 krb5_ldap_lock