fix krb5_ldap_iterate to handle NULL match_expr and open_db_and_mkey to use KRB5_KDB_...
authorWill Fiveash <will.fiveash@oracle.com>
Mon, 23 Oct 2006 21:36:46 +0000 (21:36 +0000)
committerWill Fiveash <will.fiveash@oracle.com>
Mon, 23 Oct 2006 21:36:46 +0000 (21:36 +0000)
When I ran kdb5_util dump I had two initial problems.  First, the LDAP
plugin was not finding the bind DN because open_db_and_mkey() was
passing KRB5_KDB_SRV_TYPE_OTHER to krb5_db_open().  When I change this
to KRB5_KDB_SRV_TYPE_ADMIN then the ldap_kadmind_dn parameter is used
from krb5.conf and a valid bind DN is found.  Second,
krb5_ldap_iterate() will core dump when it is called with a NULL
match_expr arg.  This is how dump_db calls krb5_db_iterate().  I updated
krb5_ldap_iterate() to use a default_match_expr of "*" if match_expr ==
NULL.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18736 dc483132-0cff-0310-8789-dd5450dbe970

src/kadmin/dbutil/kdb5_util.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c

index e60e9929c6936efe1db668882d5dc95ad04d953d..1807d1ad00fcfe164e659b9ad9697f557673b23d 100644 (file)
@@ -378,7 +378,7 @@ static int open_db_and_mkey()
     valid_master_key = 0;
 
     if ((retval = krb5_db_open(util_context, db5util_db_args, 
-                              KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_OTHER))) {
+                              KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN))) {
        com_err(progname, retval, "while initializing database");
        exit_status++;
        return(1);
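Review bot: The switch to `KRB5_KDB_SRV_TYPE_ADMIN` in the `krb5_db_open()` call carries no comment, although it changes which directory identity kdb5_util binds as. Per the commit description the LDAP plugin then takes its bind DN from `ldap_kadmind_dn`, so every command that reaches open_db_and_mkey(), including a read-only dump, presumably runs with the kadmind service's directory rights and needs that DN's credentials to be readable by whoever invokes kdb5_util. I would add a comment above the call, for example `/* SRV_TYPE_ADMIN: the LDAP plugin resolves its bind DN from ldap_kadmind_dn; SRV_TYPE_OTHER yields none */`, and note the requirement in the operator documentation. The function's body continues outside the hunk.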
index 0cbf8d82fc45fe6d001bee36076ad7693647f4a9..3ace96cbad7f8b0d8dd5ea7c9c6a47dd7cd5df63 100644 (file)
@@ -149,6 +149,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
     kdb5_dal_handle          *dal_handle=NULL;
     krb5_ldap_context        *ldap_context=NULL;
     krb5_ldap_server_handle  *ldap_server_handle=NULL;
+    char                     *default_match_expr = "*";
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
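Review bot: The added `default_match_expr` is a writable `char *` pointing at a string literal, so a later write through it (or through `match_expr` once it aliases it) would be undefined behaviour with no compiler diagnostic. Declaring it `static const char default_match_expr[] = "*";` would make the intent explicit. The parameter's declared type sits in the K&R declaration list outside the hunk, so whether the later assignment then needs `match_expr` itself to be const-qualified cannot be judged from here.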
@@ -166,6 +167,12 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
        }
     }
 
+    /* 
+     * If no match_expr then iterate through all krb princs like the db2 plugin
+     */
+    if (match_expr == NULL)
+       match_expr = default_match_expr;
+
     filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1;  /* 2 for closing brackets */
     filter = malloc (filterlen);
     CHECK_NULL(filter);
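Review bot: The new NULL check guards only the `strlen(match_expr)` on the following line; nothing visible constrains what a non-NULL `match_expr` may contain before it is placed into the LDAP search filter. `*` is an intended wildcard, but parentheses or backslashes in a caller-supplied expression would alter the filter's structure unless they are escaped per RFC 4515, and an empty string still passes the check and probably deserves the same default, `if (match_expr == NULL || *match_expr == '\0')`. I would also add a comment at the check stating which characters callers may pass. The code that copies into `filter` lies outside the hunk, so it should be confirmed that it matches the `filterlen` computed here.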