LDAP patch from Novell, 2006-10-13
authorKen Raeburn <raeburn@mit.edu>
Wed, 15 Nov 2006 23:56:02 +0000 (23:56 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 15 Nov 2006 23:56:02 +0000 (23:56 +0000)
Patch from 13 November from Savitha R:
> Fix for delpol deleting ticket policies
> Removed references to old schema
> Moved some unused code under #ifdef HAVE_EDIRECTORY

ticket: new
target_version: 1.6
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18812 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c

index 77b7e822c7f4f20fd12d7e7d3496d46b1d994e8e..a13bdfacbce5bfcabbd03fded23787b3b8687b9d 100644 (file)
@@ -900,7 +900,6 @@ void kdb5_ldap_modify(argc, argv)
 #ifdef HAVE_EDIRECTORY
     int j = 0;
     char *list[MAX_LIST_ENTRIES];
-    char **slist = {NULL};
     int existing_entries = 0, list_entries = 0;
     int newkdcdn = 0, newadmindn = 0, newpwddn = 0;
     char **tempstr = NULL;
@@ -1432,6 +1431,8 @@ void kdb5_ldap_modify(argc, argv)
        }
 
        if ((mask & LDAP_REALM_SUBTREE)) {
+            int check_subtree = 1;
+
             newsubtrees = (char**) calloc(rparams->subtreecount, sizeof(char*));
 
             if (newsubtrees == NULL) {
@@ -1452,7 +1453,7 @@ void kdb5_ldap_modify(argc, argv)
             for(j=0;oldsubtrees[j]!=NULL;j++) {
                 check_subtree = 1;
                 for(i=0; ( (oldsubtrees[j] && !rparams->subtree[i]) ||
-                        (!oldsubtrees[j] && rparams->subtree[i]))i; i++) {
+                        (!oldsubtrees[j] && rparams->subtree[i])); i++) {
                     if(strcasecmp( oldsubtrees[j], rparams->subtree[i]) == 0) {
                         check_subtree = 0;
                         continue;
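Review bot: The inner loop condition still looks inverted after the stray `i` is removed. The outer loop guarantees `oldsubtrees[j]` is non-NULL, so the condition reduces to `!rparams->subtree[i]`; the body therefore runs only when `rparams->subtree[i]` is NULL and then passes that NULL to `strcasecmp`. If the intent is to search the new list for `oldsubtrees[j]`, the loop header should be `for (i = 0; rparams->subtree[i] != NULL; i++) {`, and the `continue` after `check_subtree = 0` reads as if `break` was meant. The loop body continues past the end of this hunk, so the rest of the comparison could not be checked.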
index e5bf6c11d7d6234afba778d04259a7994f814722..883897bc868ee182a73789f617d40580cbbaaee4 100644 (file)
@@ -330,6 +330,7 @@ krb5_error_code krb5_ldap_open(krb5_context context,
            }
 
            srv_cnt++;
+#ifdef HAVE_EDIRECTORY
        } else if (opt && !strcmp(opt, "cert")) {
            if (val == NULL) {
                status = EINVAL;
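Review bot: With `HAVE_EDIRECTORY` undefined, a `cert` db argument now falls through to the final `else` branch (visible in the next hunk) and fails with `EINVAL`. The comment there, `/* ignore hash argument. Might have been passed from create */`, does not describe that rejection. A comment on the guard such as `/* "cert" is accepted only in eDirectory builds; other builds reject it below */` would make the behaviour change explicit for administrators whose configuration already passes `cert`. The same guard is added to krb5_ldap_create in ldap_create.c, and the option-parsing chain starts and ends outside this hunk.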
@@ -374,6 +375,7 @@ krb5_error_code krb5_ldap_open(krb5_context context,
                sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
                free (oldstr);
            }
+#endif
        } else {
            /* ignore hash argument. Might have been passed from create */
            status = EINVAL;
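Review bot: The `sprintf` into `ldap_context->root_certificate_file` on the first line of this hunk writes `oldstr`, a space and `val` with no length limit. The allocation that sizes the destination is outside the hunk, so the bound cannot be confirmed from here. Since `val` comes from the db arguments, passing the size explicitly would make the write checkable: `snprintf(ldap_context->root_certificate_file, len, "%s %s", oldstr, val);`, with `len` standing for whatever size the allocation above used. The identical line in krb5_ldap_create (ldap_create.c) has the same shape.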
index 97da15d2144e4dd8ddd6071dedd765523a840cf5..b1ffd84979ea4208b92c9470385785fb86081fae 100644 (file)
@@ -195,7 +195,9 @@ struct _krb5_ldap_server_info {
     krb5_ldap_server_handle      *ldap_server_handles;
     time_t                       downtime;
     char                       *server_name;
+#ifdef HAVE_EDIRECTORY
     char                       *root_certificate_file;
+#endif
     struct _krb5_ldap_server_info *next;
 };
 
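Review bot: Guarding `root_certificate_file` makes the layout of `struct _krb5_ldap_server_info` depend on `HAVE_EDIRECTORY`. Every translation unit that includes this header must be built with the same setting, or the `next` pointer will be read at a different offset. A comment on the member would record that constraint, for example `/* eDirectory builds only; all users of this header must agree on HAVE_EDIRECTORY */`. The struct definition begins outside this hunk.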
index 768ba6a593ba542645af23e87f83f7d1f4d402b7..8c60c177d9384e043ac46648b17945979227a400 100644 (file)
@@ -180,6 +180,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
            }
 
            srv_cnt++;
+#ifdef HAVE_EDIRECTORY
        } else if (opt && !strcmp(opt, "cert")) {
            if (val == NULL) {
                status = EINVAL;
@@ -224,6 +225,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
                sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
                free (oldstr);
            }
+#endif
        } else {
        /* ignore hash argument. Might have been passed from create */
            status = EINVAL;
index efcb73ee7bff3b413476e1b5d6605f86afa2ef1a..f76a6e895f3f71b8ae7c30716e550e2728eb002e 100644 (file)
@@ -229,6 +229,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
            goto cleanup;
     }
 
+#ifdef HAVE_EDIRECTORY
     /*
      * If root certificate file is not set read it from database
      * module section of conf file this is the trusted root
@@ -241,6 +242,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
        if (st)
            goto cleanup;
     }
+#endif
 
     /*
      * If the ldap server parameter is not set read the list of ldap
@@ -270,7 +272,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
            (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
                                                                  sizeof(krb5_ldap_server_info));
 
-           (*server_info)[ele]->server_name = strdup("localhost");
+           (*server_info)[ele]->server_name = strdup("ldapi://");
            if ((*server_info)[ele]->server_name == NULL) {
                st = ENOMEM;
                goto cleanup;
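Review bot: The result of `calloc` for `(*server_info)[ele]` is dereferenced by the very next statement without a check, so an allocation failure becomes a write through NULL rather than the `ENOMEM` path used for `strdup` just below. Add `if ((*server_info)[ele] == NULL) { st = ENOMEM; goto cleanup; }` before the `server_name` assignment. Separately, the default changes from a host name to the `ldapi://` URI, which deployments relying on the implicit `localhost` default will notice; a comment such as `/* default to the local LDAP IPC socket */` would document the choice. The enclosing function starts and ends outside the hunk.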
@@ -326,9 +328,11 @@ krb5_ldap_free_server_params(ldap_context)
            if (ldap_context->server_info_list[i]->server_name) {
                free (ldap_context->server_info_list[i]->server_name);
            }
+#ifdef HAVE_EDIRECTORY
            if (ldap_context->server_info_list[i]->root_certificate_file) {
                free (ldap_context->server_info_list[i]->root_certificate_file);
            }
+#endif
            if (ldap_context->server_info_list[i]->ldap_server_handles) {
                ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
                while (ldap_server_handle) {
@@ -365,10 +369,12 @@ krb5_ldap_free_server_params(ldap_context)
        ldap_context->service_password_file = NULL;
     }
 
+#ifdef HAVE_EDIRECTORY
     if (ldap_context->root_certificate_file != NULL) {
        krb5_xfree(ldap_context->root_certificate_file);
        ldap_context->root_certificate_file = NULL;
     }
+#endif
 
     if (ldap_context->service_cert_path != NULL) {
        krb5_xfree(ldap_context->service_cert_path);
@@ -915,8 +921,10 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
     char                        **values=NULL, *attributes[2] = {NULL};
     LDAPMessage                 *result=NULL, *entry=NULL;
 
-    if (strlen(dn) == 0)
-       return LDAP_NO_SUCH_OBJECT;
+    if (strlen(dn) == 0) {
+       st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
+       return st;
+    }
 
     attributes[0] = attribute;
 
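Review bot: `strlen(dn)` is still called before anything checks `dn` for NULL, and the callers in this commit pass `policy_dn` and `(xargs.dn) ? xargs.dn : principal_dn`, whose non-NULL guarantee is not visible here. `if (dn == NULL || strlen(dn) == 0) {` would cover both cases. Passing `0` as the first argument to `set_ldap_error` also differs from the `set_ldap_error (context, st, OP_DEL)` call in krb5_ldap_delete_password_policy, so any message the helper attaches to a context is presumably lost on this path; a comment saying that is intentional would help. The function body continues outside the hunk.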
index 9bfef1510a1badbe6dec9d91b868ee7bf15cfd53..e0ada5d3ae24f759c849f2134fa0ffa5abe8e6f0 100644 (file)
@@ -1076,10 +1076,9 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                int p, q, r=0, amask=0;
 
                if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
-                                           "objectclass", attrvalues, &amask)) != 0) {
-                   st = KRB5_KDB_UK_RERROR;
+                                           "objectclass", attrvalues, &amask)) != 0)
                    goto cleanup;
-               }
+
                memset(strval, 0, sizeof(strval));
                for (p=1, q=0; p<=2; p<<=1, ++q) {
                    if ((p & amask) == 0)
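Review bot: With the `st = KRB5_KDB_UK_RERROR;` override removed, whatever `checkattributevalue` returns is now handed to the caller as a krb5_error_code, yet this commit only shows the helper's empty-DN path being routed through `set_ldap_error`. If any other failure path in the helper still returns a raw LDAP result code, it would now leave krb5_ldap_put_principal untranslated, so every return in the helper is worth confirming. The multi-line condition would also be safer with its braces kept: `"objectclass", attrvalues, &amask)) != 0) {`, then `goto cleanup;`, then `}`. The enclosing block begins and ends outside this hunk.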
index 3c229c05529503b927bf1dc2ed21c4a998c3ca8f..6f8b3efd89ba6e7441e139fd4e75d8a1b5841faf 100644 (file)
@@ -323,7 +323,8 @@ krb5_ldap_delete_password_policy (context, policy)
     krb5_context                context;
     char                        *policy;
 {
-    char                        *policy_dn = NULL;
+    int                         mask = 0;
+    char                        *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL};
     krb5_error_code             st=0;
     LDAP                        *ld=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
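Review bot: Declaring `*class[]` in the same declaration as `*policy_dn` hides that one is a single pointer and the other an array of string literals. `class` is also a reserved word in C++, which gets in the way of C++-aware tooling. A separate declaration reads better: `char *policy_class[] = {"krbpwdpolicy", NULL};`, with the argument in the `checkattributevalue` call renamed to match.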
@@ -344,6 +345,15 @@ krb5_ldap_delete_password_policy (context, policy)
     if (st != 0)
        goto cleanup;
 
+    /* Ensure that the object is a password policy */
+    if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0)
+       goto cleanup;
+
+    if (mask == 0) {
+       st = KRB5_KDB_NOENTRY;
+       goto cleanup;
+    }
+
     if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) {
        st = set_ldap_error (context, st, OP_DEL);
        goto cleanup;
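Review bot: When the object exists but is not a `krbpwdpolicy`, the new `mask == 0` branch returns `KRB5_KDB_NOENTRY` with no message, so an administrator cannot tell a wrong-type object from a missing one. Setting a message there, for example `krb5_set_error_message(context, st, "Object is not a password policy");`, would make the refusal diagnosable. The object-class check and `ldap_delete_ext_s` are also two separate LDAP operations, so the type is verified shortly before the delete rather than atomically with it. A comment such as `/* best-effort type check; not atomic with the delete */` would state what the guard guarantees.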
index 3013838eab389ec44f50bd151b8d2cbbc53266cf..b5e198ff711c3c8ccdd79ddf6555a023a6c801ab 100644 (file)
 #define END_OF_LIST -1
 char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef", 
                             "krbMaxTicketLife", "krbMaxRenewableAge",
-                            "krbTicketFlags", "krbDefaultEncType",
-                            "krbDefaultSaltType", "krbUpEnabled",
-                            "krbTicketPolicyReference", "krbSupportedEncTypes",
-                            "krbSupportedSaltTypes", "krbLdapServers",
+                            "krbTicketFlags", "krbUpEnabled",
+                            "krbTicketPolicyReference",
+                            "krbLdapServers",
                             "krbKdcServers",  "krbAdmServers",
                             "krbPwdServers", NULL};
 
@@ -64,14 +63,6 @@ char  *pwdclass[] =        { "krbPwdService", NULL };
 char  *subtreeclass[] =    { "Organization", "OrganizationalUnit", "Domain", "krbContainer",
                              "krbRealmContainer", "Country", "Locality", NULL };
 
-int supportedenctypes[] = { ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD4, ENCTYPE_DES_CBC_MD5,
-                           ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-                           ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC, -1};
-
-int supportedsalttypes[] = { KRB5_KDB_SALTTYPE_NORMAL, KRB5_KDB_SALTTYPE_V4,
-                            KRB5_KDB_SALTTYPE_NOREALM, KRB5_KDB_SALTTYPE_ONLYREALM,
-                            KRB5_KDB_SALTTYPE_SPECIAL, -1};
-
 
 char  *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
 
@@ -460,9 +451,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
        rparams->tl_data->tl_data_contents == NULL ||
        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
-       /* This has to be fixed ... */
-       ((mask & LDAP_REALM_DEFENCTYPE) && rparams->suppenctypes == NULL) ||
-       ((mask & LDAP_REALM_DEFSALTTYPE) && rparams->suppsalttypes == NULL) ||
 #ifdef HAVE_EDIRECTORY
        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
@@ -490,22 +478,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
        }
     }
 
-    /*
-     * Sort the list of salt-types / enc-types ... just to eliminate duplicates
-     * later.
-     */
-    {
-       if ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes) {
-           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
-           }
-           qsort ((void *)rparams->suppenctypes, (unsigned) i, sizeof(krb5_int32), compare);
-       }
-       if ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes) {
-           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
-           }
-           qsort ((void *)rparams->suppsalttypes, (unsigned) i, sizeof(krb5_int32), compare);
-       }
-    }
 
     /* SUBTREE ATTRIBUTE */
     if (mask & LDAP_REALM_SUBTREE) {
@@ -575,124 +547,6 @@ krb5_ldap_modify_realm(context, rparams, mask)
     }
 
 
-    /* DEFENCTYPE ATTRIBUTE */
-    if (mask & LDAP_REALM_DEFENCTYPE) {
-       /* check if the entered enctype is valid */
-       if (krb5_c_valid_enctype(rparams->defenctype)) {
-
-           /* check if the defenctype exists in the suppenctypes list */
-           for (i = 0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
-               if (rparams->defenctype == rparams->suppenctypes[i])
-                   break;
-
-           /* touching the end of list means defenctype is missing */
-           if (rparams->suppenctypes[i] == END_OF_LIST) {
-               st = EINVAL;
-               krb5_set_error_message (context, st, "Default enctype not in the supported list");
-               goto cleanup;
-           }
-
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_REPLACE,
-                                             rparams->defenctype)) != 0)
-               goto cleanup;
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "Invalid default enctype");
-           goto cleanup;
-       }
-    }
-
-    /* DEFSALTTYPE ATTRIBUTE */
-    if (mask & LDAP_REALM_DEFSALTTYPE) {
-       /* check if the entered salttype is valid */
-       if (rparams->defsalttype>=0 && rparams->defsalttype<6) {
-
-           /* check if the defsalttype exists in the suppsalttypes list */
-           for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
-               if (rparams->defsalttype == rparams->suppsalttypes[i])
-                   break;
-
-           /* touching the end of the list means defsalttype is missing */
-           if (rparams->suppsalttypes[i] == END_OF_LIST) {
-               st = EINVAL;
-               krb5_set_error_message (context, st, "Default salttype not in the supported list");
-               goto cleanup;
-           }
-
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype",
-                                             LDAP_MOD_REPLACE, rparams->defsalttype)) != 0)
-               goto cleanup;
-
-       } else {
-           st = EINVAL;
-           krb5_set_error_message (context, st, "Invalid default salttype");
-           goto cleanup;
-       }
-    }
-
-    /* SUPPSALTTYPE ATTRIBUTE */
-    if (mask & LDAP_REALM_SUPPSALTTYPE) {
-       krb5_boolean flag=FALSE;
-
-       for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) {
-           /* check if the salttypes entered is valid */
-           if (!(rparams->suppsalttypes[i]>=0 && rparams->suppsalttypes[i]<6)) {
-               st = EINVAL;
-               krb5_set_error_message (context, st, "salttype %d not valid", rparams->suppsalttypes[i]);
-               goto cleanup;
-           }
-
-           /* Ensure that the default salt type is supported */
-           if ((oldmask & LDAP_REALM_DEFSALTTYPE ||
-                mask & LDAP_REALM_DEFSALTTYPE) &&
-               rparams->defsalttype == rparams->suppsalttypes[i])
-               flag = TRUE;
-       }
-
-       if (flag == FALSE) { /* Default salt type is not supported */
-           st = EINVAL;
-           krb5_set_error_message (context, st, "Default salttype not in the supported list");
-           goto cleanup;
-       }
-       ignore_duplicates(rparams->suppsalttypes);
-
-       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes",
-                                             LDAP_MOD_REPLACE, rparams->suppsalttypes)) != 0)
-           goto cleanup;
-    }
-
-    /* SUPPENCTYPE ATTRIBUTE */
-    if (mask & LDAP_REALM_SUPPENCTYPE) {
-       krb5_boolean flag=FALSE;
-
-       for (i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i) {
-
-           /* check if the enctypes entered is valid */
-           if (krb5_c_valid_enctype(rparams->suppenctypes[i]) == 0) {
-               st = EINVAL;
-               krb5_set_error_message (context, st, "Enctype %d not valid", rparams->suppenctypes[i]);
-               goto cleanup;
-           }
-
-           /* Ensure that the default encryption type is supported */
-           if ((oldmask & LDAP_REALM_DEFENCTYPE ||
-                mask & LDAP_REALM_DEFENCTYPE) &&
-               rparams->defenctype == rparams->suppenctypes[i])
-               flag = TRUE;
-       }
-
-       if (flag == FALSE) { /* Default encryption type is not supported */
-           st = EINVAL;
-           krb5_set_error_message(context, st, "Default enctype not in the supported list");
-           goto cleanup;
-       }
-       ignore_duplicates(rparams->suppenctypes);
-
-       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes",
-                                             LDAP_MOD_REPLACE, rparams->suppenctypes)) != 0)
-           goto cleanup;
-    }
-
 #ifdef HAVE_EDIRECTORY
 
     /* KDCSERVERS ATTRIBUTE */
@@ -1147,8 +1001,6 @@ krb5_ldap_create_realm(context, rparams, mask)
        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || 
        ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
-       ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes == NULL) ||
-       ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes == NULL) ||
 #ifdef HAVE_EDIRECTORY
        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
@@ -1428,8 +1280,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     LDAP_SEARCH(rlparams->realmdn, LDAP_SCOPE_BASE, "(objectclass=krbRealmContainer)", realm_attributes);
 
-    if ((st = ldap_count_entries(ld, result)) == 0)
-    {
+    if ((st = ldap_count_entries(ld, result)) <= 0) {
         /* This could happen when the DN used to bind and read the realm object
          * does not have sufficient rights to read its attributes
          */
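Review bot: `st` now holds `-1` when `ldap_count_entries` fails, and the branch body is outside this hunk, so it is not visible whether `st` is replaced with a real error code before the function returns. If it is not, callers would receive `-1` as a krb5_error_code. Keeping the count in its own variable avoids that: `int nentries = ldap_count_entries(ld, result);` followed by `if (nentries <= 0) {`. The comment about insufficient rights could also mention the error case that the new `<=` admits.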
@@ -1504,49 +1355,6 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
            ldap_value_free(values);
        }
 
-       if ((values=ldap_get_values(ld, ent, "krbDefaultEncType")) != NULL) {
-           rlparams->defenctype = atoi(values[0]);
-           if (krb5_c_valid_enctype(rlparams->defenctype) == 0)
-               rlparams->defenctype = ENCTYPE_DES3_CBC_SHA1;
-           *mask |= LDAP_REALM_DEFENCTYPE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbDefaultSaltType")) != NULL) {
-           rlparams->defsalttype = atoi(values[0]);
-           if (!(rlparams->defsalttype>=0 && rlparams->defsalttype<6))
-               rlparams->defsalttype = KRB5_KDB_SALTTYPE_NORMAL;
-           *mask |= LDAP_REALM_DEFSALTTYPE;
-           ldap_value_free(values);
-       }
-       if ((values=ldap_get_values(ld, ent, "krbSupportedEncTypes")) != NULL) {
-           count = ldap_count_values(values);
-           rlparams->suppenctypes = malloc (sizeof(krb5_int32) * (count + 1));
-           if (rlparams->suppenctypes == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
-           for (i=0; i<count; ++i)
-               rlparams->suppenctypes[i] = atoi(values[i]);
-           rlparams->suppenctypes[count] = -1;
-           *mask |= LDAP_REALM_SUPPENCTYPE;
-           ldap_value_free(values);
-       }
-
-       if ((values=ldap_get_values(ld, ent, "krbSupportedSaltTypes")) != NULL) {
-           count = ldap_count_values(values);
-           rlparams->suppsalttypes =  malloc (sizeof(krb5_int32) * (count + 1));
-           if (rlparams->suppsalttypes == NULL) {
-               st = ENOMEM;
-               goto cleanup;
-           }
-           for (i=0; i<count; ++i)
-               rlparams->suppsalttypes[i] = atoi(values[i]);
-           rlparams->suppsalttypes[count] = -1;
-           *mask |= LDAP_REALM_SUPPSALTTYPE;
-           ldap_value_free(values);
-       }
-
 #ifdef HAVE_EDIRECTORY
 
        if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
@@ -1659,12 +1467,6 @@ krb5_ldap_free_realm_params(rparams)
            krb5_xfree(rparams->subtree);
         }
 
-       if (rparams->suppenctypes)
-           krb5_xfree(rparams->suppenctypes);
-
-       if (rparams->suppsalttypes)
-           krb5_xfree(rparams->suppsalttypes);
-
        if (rparams->kdcservers) {
            for (i=0; rparams->kdcservers[i]; ++i)
                krb5_xfree(rparams->kdcservers[i]);
index 3879bf437385fe084b8b3a4f85799731f1b75d60..05c2b14322d9b8f4d66b5ad39298f7dc86c23a78 100644 (file)
 /* realm specific mask */
 #define LDAP_REALM_SUBTREE            0x0001
 #define LDAP_REALM_SEARCHSCOPE        0x0002
-#define LDAP_REALM_DEFENCTYPE         0x0004
-#define LDAP_REALM_DEFSALTTYPE        0x0008
-#define LDAP_REALM_SUPPENCTYPE        0x0010
-#define LDAP_REALM_SUPPSALTTYPE       0x0020
-#define LDAP_REALM_POLICYREFERENCE    0x0040
-#define LDAP_REALM_UPENABLED          0x0080
-#define LDAP_REALM_LDAPSERVERS        0x0100
-#define LDAP_REALM_KDCSERVERS         0x0200
-#define LDAP_REALM_ADMINSERVERS       0x0400
-#define LDAP_REALM_PASSWDSERVERS      0x0800
-#define LDAP_REALM_MAXTICKETLIFE      0x1000
-#define LDAP_REALM_MAXRENEWLIFE       0x2000
-#define LDAP_REALM_KRBTICKETFLAGS     0x4000
-#define LDAP_REALM_CONTREF           0x8000 
+#define LDAP_REALM_POLICYREFERENCE    0x0004
+#define LDAP_REALM_UPENABLED          0x0008
+#define LDAP_REALM_LDAPSERVERS        0x0010
+#define LDAP_REALM_KDCSERVERS         0x0020
+#define LDAP_REALM_ADMINSERVERS       0x0040
+#define LDAP_REALM_PASSWDSERVERS      0x0080
+#define LDAP_REALM_MAXTICKETLIFE      0x0100
+#define LDAP_REALM_MAXRENEWLIFE       0x0200
+#define LDAP_REALM_KRBTICKETFLAGS     0x0400
+#define LDAP_REALM_CONTREF           0x0800 
 
 extern char *policy_attributes[];
 
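Review bot: Renumbering the `LDAP_REALM_*` bits changes the meaning of every mask value computed against the old header: `0x0004` was `LDAP_REALM_DEFENCTYPE` and is now `LDAP_REALM_POLICYREFERENCE`. That is safe only if every user of these masks is rebuilt from this header and no mask value is stored or passed to a component built earlier, which cannot be confirmed from this diff. Keeping the existing values and leaving the retired bits unused, with a comment such as `/* 0x0004-0x0020 retired with the old enctype/salttype schema */`, would avoid the hazard.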
@@ -67,10 +63,6 @@ typedef struct _krb5_ldap_realm_params {
   krb5_int32    max_life;
   krb5_int32    max_renewable_life;
   krb5_int32    tktflags;
-  krb5_enctype  defenctype;
-  krb5_int32    defsalttype;
-  krb5_enctype  *suppenctypes;
-  krb5_int32    *suppsalttypes;
   char          **kdcservers;
   char          **adminservers;
   char          **passwdservers;
index e4a28a5ac3baa7220d5708b9e768234a6440ffb9..b32ba91867cba1502b73d6470c37cf294bf7ab33 100644 (file)
@@ -151,10 +151,8 @@ static char *kdcrights_realmcontainer[][2]={
     {"2#subtree#","#krbPrincContainerRef"}, 
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
-    {"2#subtree#","#krbSupportedEncTypes"},
-    {"2#subtree#","#krbSupportedSaltTypes"},
-    {"2#subtree#","#krbDefaultEncType"},
-    {"2#subtree#","#krbDefaultSaltType"},
+    {"2#subtree#","#krbSupportedEncSaltTypes"},
+    {"2#subtree#","#krbDefaultEncSaltTypes"},
     {"2#subtree#","#krbKdcServers"},
     {"2#subtree#","#krbPwdServers"},
     {"2#subtree#","#krbTicketFlags"},
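Review bot: The table now lists rights on `krbSupportedEncSaltTypes` and `krbDefaultEncSaltTypes`, but nothing in this commit reads those attributes: `realm_attributes` in ldap_realm.c drops the old enctype/salttype names without adding the new ones. If no code path consumes them yet, these entries appear to grant the service more access than it uses, so a comment naming the component that needs them would justify keeping them. The same two lines are added to `adminrights_realmcontainer` and `pwdrights_realmcontainer`. The visible parts of the three lists are near-identical copies, so a shared base list would keep them from drifting apart.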
@@ -195,10 +193,8 @@ static char *adminrights_realmcontainer[][2]={
     {"2#subtree#","#krbPrincContainerRef"}, 
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
-    {"2#subtree#","#krbSupportedEncTypes"},
-    {"2#subtree#","#krbSupportedSaltTypes"},
-    {"2#subtree#","#krbDefaultEncType"},
-    {"2#subtree#","#krbDefaultSaltType"},
+    {"2#subtree#","#krbSupportedEncSaltTypes"},
+    {"2#subtree#","#krbDefaultEncSaltTypes"},
     {"2#subtree#","#krbKdcServers"},
     {"2#subtree#","#krbPwdServers"},
     {"6#subtree#","#krbTicketFlags"},
@@ -244,10 +240,8 @@ static char *pwdrights_realmcontainer[][2]={
     {"2#subtree#","#krbPrincContainerRef"}, 
     {"2#subtree#","#krbSearchScope"},
     {"2#subtree#","#krbLdapServers"},
-    {"2#subtree#","#krbSupportedEncTypes"},
-    {"2#subtree#","#krbSupportedSaltTypes"},
-    {"2#subtree#","#krbDefaultEncType"},
-    {"2#subtree#","#krbDefaultSaltType"},
+    {"2#subtree#","#krbSupportedEncSaltTypes"},
+    {"2#subtree#","#krbDefaultEncSaltTypes"},
     {"2#subtree#","#krbKdcServers"},
     {"2#subtree#","#krbPwdServers"},
     {"6#subtree#","#krbTicketFlags"},