Some mechanical changes (mainly whitespace) to match up better with
authorKen Raeburn <raeburn@mit.edu>
Tue, 29 Aug 2006 22:54:46 +0000 (22:54 +0000)
committerKen Raeburn <raeburn@mit.edu>
Tue, 29 Aug 2006 22:54:46 +0000 (22:54 +0000)
MIT coding style.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970

18 files changed:
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c

index 7c3622425950c7c0a878295e9670601c51dc7d39..b2798b9f269a00b2fb5dd179eb3679ae487fd11c 100644 (file)
 #include <kdb5.h>
 
 static krb5_error_code
-krb5_ldap_get_db_opt( char *input, char **opt, char **val )
+krb5_ldap_get_db_opt(char *input, char **opt, char **val)
 {
     char *pos = strchr(input, '=');
 
     *val = NULL;
-    if (pos == NULL)
-    {
+    if (pos == NULL) {
        *opt = strdup(input);
-       if (*opt == NULL)
-       {
+       if (*opt == NULL) {
            return ENOMEM;
        }
-    }
-    else
-    {
+    } else {
        int len = pos - input;
        *opt = malloc((unsigned) len + 1);
-       if (!*opt)
-       {
+       if (!*opt) {
            return ENOMEM;
        }
        memcpy(*opt, input, (unsigned) len);
@@ -65,14 +60,13 @@ krb5_ldap_get_db_opt( char *input, char **opt, char **val )
        while (isblank((*opt)[len-1]))
            --len;
        (*opt)[len] = '\0';
-       
+
        pos += 1; /* move past '=' */
        while (isblank(*pos))  /* ignore leading blanks */
            pos += 1;
        if (*pos != '\0') {
            *val = strdup (pos);
-           if (!*val)
-           {
+           if (!*val) {
                free (*opt);
                return ENOMEM;
            }
@@ -106,19 +100,19 @@ krb5_ldap_read_startup_information(krb5_context context)
     kdb5_dal_handle      *dal_handle=NULL;
     krb5_ldap_context    *ldap_context=NULL;
     int                  mask=0;
-       
+
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
-        prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
+       prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
        goto cleanup;
     }
 
     if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
-        prepend_err_str (context, "Unable to read Realm", retval, retval);
+       prepend_err_str (context, "Unable to read Realm", retval, retval);
        goto cleanup;
     }
-    
- cleanup:
+
+cleanup:
     return retval;
 }
 
@@ -132,10 +126,10 @@ krb5_ldap_read_startup_information(krb5_context context)
 #define ERR_MSG1 "Unable to check if SASL EXTERNAL mechanism is supported by LDAP server. Proceeding anyway ..."
 #define ERR_MSG2 "SASL EXTERNAL mechanism not supported by LDAP server. Can't perform certificate-based bind."
 
-int 
+int
 has_sasl_external_mech(context, ldap_server)
-     krb5_context     context;
-     char             *ldap_server;
+    krb5_context     context;
+    char             *ldap_server;
 {
     int               i=0, flag=0, ret=0, retval=0;
     char              *attrs[]={"supportedSASLMechanisms", NULL}, **values=NULL;
@@ -143,7 +137,7 @@ has_sasl_external_mech(context, ldap_server)
     LDAPMessage       *msg=NULL, *res=NULL;
 
     ld = ldap_open(ldap_server, 389); /*  Should the port number be configurable ? */
-    if(ld == NULL){
+    if (ld == NULL) {
        krb5_set_error_message(context, 2, "%s", ERR_MSG1);
        ret = 2; /* Don't know */
        goto cleanup;
@@ -151,40 +145,40 @@ has_sasl_external_mech(context, ldap_server)
 
     /* Anonymous bind */
     retval = ldap_simple_bind_s(ld, NULL, NULL);
-    if(retval != LDAP_SUCCESS){
+    if (retval != LDAP_SUCCESS) {
        krb5_set_error_message(context, 2, "%s", ERR_MSG1);
        ret = 2; /* Don't know */
        goto cleanup;
     }
 
     retval = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &res);
-    if(retval != LDAP_SUCCESS){
+    if (retval != LDAP_SUCCESS) {
        krb5_set_error_message(context, 2, "%s", ERR_MSG1);
        ret = 2; /* Don't know */
        goto cleanup;
     }
 
     msg = ldap_first_message(ld, res);
-    if(msg == NULL){
+    if (msg == NULL) {
        krb5_set_error_message(context, 2, "%s", ERR_MSG1);
        ret = 2; /* Don't know */
        goto cleanup;
     }
 
     values = ldap_get_values(ld, msg, "supportedSASLMechanisms");
-    if(values == NULL){
+    if (values == NULL) {
        krb5_set_error_message(context, 1, "%s", ERR_MSG2);
        ret = 1; /* Not supported */
        goto cleanup;
     }
 
-    for(i = 0; values[i] != NULL; i++){
-       if(strcmp(values[i], "EXTERNAL"))
+    for (i = 0; values[i] != NULL; i++) {
+       if (strcmp(values[i], "EXTERNAL"))
            continue;
        flag = 1;
     }
 
-    if(flag != 1){
+    if (flag != 1) {
        krb5_set_error_message(context, 1, "%s", ERR_MSG2);
        ret = 1; /* Not supported */
        goto cleanup;
@@ -192,33 +186,33 @@ has_sasl_external_mech(context, ldap_server)
 
 cleanup:
 
-    if(values != NULL)
+    if (values != NULL)
        ldap_value_free(values);
 
-    if(res != NULL)
+    if (res != NULL)
        ldap_msgfree(res);
 
-    if(ld != NULL)
+    if (ld != NULL)
        ldap_unbind_s(ld);
 
     return ret;
 }
 
-void * krb5_ldap_alloc( krb5_context context,  void *ptr, size_t size )
+void * krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
 {
     return realloc(ptr, size);
 }
 
-void krb5_ldap_free( krb5_context context, void *ptr )
+void krb5_ldap_free(krb5_context context, void *ptr)
 
 {
     free(ptr);
 }
 
-krb5_error_code krb5_ldap_open( krb5_context context,
-                               char *conf_section,
-                               char **db_args,
-                               int mode )
+krb5_error_code krb5_ldap_open(krb5_context context,
+                              char *conf_section,
+                              char **db_args,
+                              int mode)
 {
     krb5_error_code status  = 0;
     char **t_ptr = db_args;
@@ -230,104 +224,87 @@ krb5_error_code krb5_ldap_open( krb5_context context,
     krb5_clear_error_message(context);
 
     ldap_context = calloc(1, sizeof(krb5_ldap_context));
-    if (ldap_context == NULL) 
-    {
+    if (ldap_context == NULL) {
        status = ENOMEM;
        goto clean_n_exit;
     }
-    
+
     ldap_context->kcontext = context;
 
-    while ( t_ptr && *t_ptr )
-    {
+    while (t_ptr && *t_ptr) {
        char *opt = NULL, *val = NULL;
 
-       if( (status = krb5_ldap_get_db_opt( *t_ptr, &opt, &val )) != 0 )
-       {
+       if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
            goto clean_n_exit;
        }
-       if( opt && !strcmp( opt, "binddn" ) )
-       {
-           if( ldap_context->bind_dn ) 
-           {
+       if (opt && !strcmp(opt, "binddn")) {
+           if (ldap_context->bind_dn) {
                free (opt);
                free (val);
                status = EINVAL;
-                krb5_set_error_message (context, status, "'binddn' missing");
+               krb5_set_error_message (context, status, "'binddn' missing");
                goto clean_n_exit;
            }
-           if( val == NULL )
-           {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'binddn' value missing");
+               krb5_set_error_message (context, status, "'binddn' value missing");
                free(opt);
                goto clean_n_exit;
            }
            ldap_context->bind_dn = strdup(val);
-           if (ldap_context->bind_dn == NULL) { 
+           if (ldap_context->bind_dn == NULL) {
                free (opt);
                free (val);
                status = ENOMEM;
                goto clean_n_exit;
            }
-       } 
-       else if( opt && !strcmp( opt, "nconns" ) )
-       {
-           if( ldap_context->max_server_conns ) 
-           {
+       } else if (opt && !strcmp(opt, "nconns")) {
+           if (ldap_context->max_server_conns) {
                free (opt);
                free (val);
                status = EINVAL;
-                krb5_set_error_message (context, status, "'nconns' missing");
+               krb5_set_error_message (context, status, "'nconns' missing");
                goto clean_n_exit;
            }
-           if( val == NULL )
-           {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'nconns' value missing");
+               krb5_set_error_message (context, status, "'nconns' value missing");
                free(opt);
                goto clean_n_exit;
            }
            ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
-       } 
-       else if( opt && !strcmp( opt, "bindpwd" ) )
-       {
-           if( ldap_context->bind_pwd ) 
-           {
+       } else if (opt && !strcmp(opt, "bindpwd")) {
+           if (ldap_context->bind_pwd) {
                free (opt);
                free (val);
                status = EINVAL;
-                krb5_set_error_message (context, status, "'bindpwd' missing");
+               krb5_set_error_message (context, status, "'bindpwd' missing");
                goto clean_n_exit;
            }
-           if( val == NULL )
-           {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'bindpwd' value missing");
+               krb5_set_error_message (context, status, "'bindpwd' value missing");
                free(opt);
                goto clean_n_exit;
            }
            ldap_context->bind_pwd = strdup(val);
-           if (ldap_context->bind_pwd == NULL) { 
+           if (ldap_context->bind_pwd == NULL) {
                free (opt);
                free (val);
                status = ENOMEM;
                goto clean_n_exit;
            }
-       } 
-       else if( opt && !strcmp( opt, "host" ) )
-       {
+       } else if (opt && !strcmp(opt, "host")) {
            char *port = NULL;
 
-           if( val == NULL )
-           {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'host' value missing");
+               krb5_set_error_message (context, status, "'host' value missing");
                free(opt);
                goto clean_n_exit;
            }
-           if (ldap_context->server_info_list == NULL) 
-               ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;   
+           if (ldap_context->server_info_list == NULL)
+               ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
 
            if (ldap_context->server_info_list == NULL) {
                free (opt);
@@ -335,7 +312,7 @@ krb5_error_code krb5_ldap_open( krb5_context context,
                status = ENOMEM;
                goto clean_n_exit;
            }
-           
+
            ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
            if (ldap_context->server_info_list[srv_cnt] == NULL) {
                free (opt);
@@ -345,69 +322,58 @@ krb5_error_code krb5_ldap_open( krb5_context context,
            }
 
            ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
-           
+
            val = strtok_r(val, ":", &port);
-           ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);     
+           ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
            if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
                free (opt);
                free (val);
                status = ENOMEM;
                goto clean_n_exit;
            }
-           
+
            if (port) {
-               ldap_context->server_info_list[srv_cnt]->port = atoi(port);         
+               ldap_context->server_info_list[srv_cnt]->port = atoi(port);
            }
            srv_cnt++;
-       } 
-       else if( opt && !strcmp( opt, "port" ) )
-       {
-           if( ldap_context->port ) 
-           {
+       } else if (opt && !strcmp(opt, "port")) {
+           if (ldap_context->port) {
                free (opt);
                free (val);
                status = EINVAL;
-                krb5_set_error_message (context, status, "'port' missing");
+               krb5_set_error_message (context, status, "'port' missing");
                goto clean_n_exit;
            }
-           if( val == NULL )
-           {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'port' value missing");
+               krb5_set_error_message (context, status, "'port' value missing");
                free(opt);
                goto clean_n_exit;
            }
-           ldap_context->port = atoi(val);         
-       } 
-       else if( opt && !strcmp( opt, "cert" ) )
-       {
-           if( val == NULL )
-           {
+           ldap_context->port = atoi(val);
+       } else if (opt && !strcmp(opt, "cert")) {
+           if (val == NULL) {
                status = EINVAL;
-                krb5_set_error_message (context, status, "'cert' value missing");
+               krb5_set_error_message (context, status, "'cert' value missing");
                free(opt);
                goto clean_n_exit;
            }
 
-           if( ldap_context->root_certificate_file == NULL )
-           {
+           if (ldap_context->root_certificate_file == NULL) {
                ldap_context->root_certificate_file = strdup(val);
-               if (ldap_context->root_certificate_file == NULL) { 
+               if (ldap_context->root_certificate_file == NULL) {
                    free (opt);
                    free (val);
                    status = ENOMEM;
                    goto clean_n_exit;
                }
-           }
-           else 
-           {
+           } else {
                void *tmp=NULL;
                char *oldstr = NULL;
                unsigned int len=0;
 
                oldstr = strdup(ldap_context->root_certificate_file);
-               if (oldstr == NULL)
-               {
+               if (oldstr == NULL) {
                    free (opt);
                    free (val);
                    status = ENOMEM;
@@ -418,7 +384,7 @@ krb5_error_code krb5_ldap_open( krb5_context context,
                len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val);
                ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file,
                                                              len);
-               if (ldap_context->root_certificate_file == NULL) { 
+               if (ldap_context->root_certificate_file == NULL) {
                    free (tmp);
                    free (opt);
                    free (val);
@@ -429,12 +395,11 @@ krb5_error_code krb5_ldap_open( krb5_context context,
                sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val);
                free (oldstr);
            }
-       } 
+       }
        /* ignore hash argument. Might have been passed from create */
-       else
-       {
+       else {
            status = EINVAL;
-            krb5_set_error_message (context, status, "unknown option \'%s\'",
+           krb5_set_error_message (context, status, "unknown option \'%s\'",
                                    opt?opt:val);
            free(opt);
            free(val);
@@ -452,10 +417,10 @@ krb5_error_code krb5_ldap_open( krb5_context context,
     if (status) {
        ldap_context = NULL;
        dal_handle->db_context = NULL;
-        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+       prepend_err_str (context, "Error reading LDAP server params: ", status, status);
        goto clean_n_exit;
     }
-    if ((status=krb5_ldap_db_init( context, ldap_context)) != 0) {
+    if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
        goto clean_n_exit;
     }
 
@@ -463,7 +428,7 @@ krb5_error_code krb5_ldap_open( krb5_context context,
        goto clean_n_exit;
     }
 
- clean_n_exit:
+clean_n_exit:
     /* may be clearing up is not required  db_fini might do it for us, check out */
     if (status) {
        krb5_ldap_close(context);
index 2bb3b8574fa831d177b98b9a19276812630d6a5a..295ba263bb81eaa7592a5345772d5b4b416390a7 100644 (file)
@@ -146,8 +146,8 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 
 /* To be used later */
 typedef struct _krb5_ldap_certificates{
-  char *certificate;
-  int  certtype;
+    char *certificate;
+    int  certtype;
 }krb5_ldap_certificates;
 
 /* ldap server info structure */
@@ -158,25 +158,24 @@ typedef enum _server_status {OFF, ON, NOTSET} krb5_ldap_server_status;
 
 typedef struct _krb5_ldap_server_info krb5_ldap_server_info;
 
-typedef struct  _krb5_ldap_server_handle{
-  int                              msgid;
-  LDAP                             *ldap_handle;
-  krb5_boolean                     server_info_update_pending;
-  krb5_ldap_server_info            *server_info;
-  struct _krb5_ldap_server_handle  *next;
-
-}krb5_ldap_server_handle;
+typedef struct  _krb5_ldap_server_handle {
+    int                              msgid;
+    LDAP                             *ldap_handle;
+    krb5_boolean                     server_info_update_pending;
+    krb5_ldap_server_info            *server_info;
+    struct _krb5_ldap_server_handle  *next;
+} krb5_ldap_server_handle;
 
 struct _krb5_ldap_server_info {
-  krb5_ldap_server_type                server_type;
-  krb5_ldap_server_status       server_status;
-  krb5_ui_4                     num_conns;
-  krb5_ldap_server_handle       *ldap_server_handles;
-  time_t                        downtime;
-  char                         *server_name;
-  krb5_ui_4                     port;  
-  char                         *root_certificate_file;
-  struct _krb5_ldap_server_info *next;
+    krb5_ldap_server_type       server_type;
+    krb5_ldap_server_status      server_status;
+    krb5_ui_4                    num_conns;
+    krb5_ldap_server_handle      *ldap_server_handles;
+    time_t                       downtime;
+    char                       *server_name;
+    krb5_ui_4                    port; 
+    char                       *root_certificate_file;
+    struct _krb5_ldap_server_info *next;
 };
 
 
index e808e350fb220f7a7cabf42bb8270291696ec725..3b1dd996f805d257573530cbba71e646cd5a31d7 100644 (file)
@@ -42,13 +42,13 @@ krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context
 {
     krb5_error_code             st=0;
     unsigned char               *password=NULL;
-    
+
     if (ldap_context->bind_dn == NULL) {
-       st = EINVAL;    
+       st = EINVAL;
        krb5_set_error_message(context, st, "LDAP bind dn value missing ");
        goto err_out;
     }
-    
+
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) {
        st = EINVAL;
        krb5_set_error_message(context, st, "LDAP bind password value missing ");
@@ -56,12 +56,12 @@ krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context
     }
 
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file !=
-           NULL && ldap_context->service_cert_path == NULL) {
+       NULL && ldap_context->service_cert_path == NULL) {
        if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
-            prepend_err_str(context, "Error reading password from stash: ", st, st);
+           prepend_err_str(context, "Error reading password from stash: ", st, st);
            goto err_out;
-        }
-      
+       }
+
        /* Check if the returned 'password' is actually the path of a certificate */
        if (!strncmp("{FILE}", (char *)password, 6)) {
            /* 'password' format: <path>\0<password> */
@@ -69,14 +69,14 @@ krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context
            if (password[strlen((char *)password) + 1] == '\0')
                ldap_context->service_cert_pass = NULL;
            else
-               ldap_context->service_cert_pass = strdup((char *)password + 
+               ldap_context->service_cert_pass = strdup((char *)password +
                                                         strlen((char *)password) + 1);
            free(password);
        } else {
            ldap_context->bind_pwd = (char *)password;
            if (ldap_context->bind_pwd == NULL) {
                st = EINVAL;
-                krb5_set_error_message(context, st, "Error reading password from stash");
+               krb5_set_error_message(context, st, "Error reading password from stash");
                goto err_out;
            }
        }
@@ -85,7 +85,7 @@ krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context
     /* NULL password not allowed */
     if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) {
        st = EINVAL;
-        krb5_set_error_message(context, st, "Service password length is zero");
+       krb5_set_error_message(context, st, "Service password length is zero");
        goto err_out;
     }
 
@@ -94,47 +94,47 @@ err_out:
 }
 
 /*
- * Internal Functions called by init functions. 
+ * Internal Functions called by init functions.
  */
 
-static krb5_error_code 
+static krb5_error_code
 krb5_ldap_bind(ldap_context, ldap_server_handle)
     krb5_ldap_context           *ldap_context;
     krb5_ldap_server_handle     *ldap_server_handle;
 {
     krb5_error_code             st=0;
     struct berval               bv={0, NULL}, *servercreds=NULL;
-    
-    if(ldap_context->service_cert_path != NULL){
+
+    if (ldap_context->service_cert_path != NULL) {
        /* Certificate based bind (SASL EXTERNAL mechanism) */
-       
-       st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,  
+
+       st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
                              NULL,        /* Authenticating dn */
                              "EXTERNAL",  /* Method used for authentication */
-                             &bv,                    
-                             NULL,                     
-                             NULL,                     
-                             &servercreds); 
-       
+                             &bv,
+                             NULL,
+                             NULL,
+                             &servercreds);
+
        if (st == LDAP_SASL_BIND_IN_PROGRESS) {
-           st = ldap_sasl_bind_s( ldap_server_handle->ldap_handle,
-                                NULL,
-                                "EXTERNAL",
-                                servercreds,
-                                NULL,
-                                NULL,
-                                &servercreds);
+           st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
+                                 NULL,
+                                 "EXTERNAL",
+                                 servercreds,
+                                 NULL,
+                                 NULL,
+                                 &servercreds);
        }
     } else {
        /* password based simple bind */
-       st = ldap_simple_bind_s(ldap_server_handle->ldap_handle, 
-                               ldap_context->bind_dn, 
+       st = ldap_simple_bind_s(ldap_server_handle->ldap_handle,
+                               ldap_context->bind_dn,
                                ldap_context->bind_pwd);
     }
     return st;
 }
 
-static krb5_error_code 
+static krb5_error_code
 krb5_ldap_initialize(ldap_context, server_info)
     krb5_ldap_context *ldap_context;
     krb5_ldap_server_info *server_info;
@@ -149,34 +149,34 @@ krb5_ldap_initialize(ldap_context, server_info)
        port = ldap_context->port;
     else
        port = LDAPS_PORT;
-    
-    
+
+
     ldap_server_handle = calloc(1, sizeof(krb5_ldap_server_handle));
     if (ldap_server_handle == NULL) {
        st = ENOMEM;
        goto err_out;
     }
-    
+
     /* ldap init */
-    if((ldap_server_handle->ldap_handle=ldap_init(server_info->server_name, 
-                                                 port)) == NULL) {
-        st = KRB5_KDB_ACCESS_ERROR;
-        if (ldap_context->kcontext)
+    if ((ldap_server_handle->ldap_handle=ldap_init(server_info->server_name,
+                                                  port)) == NULL) {
+       st = KRB5_KDB_ACCESS_ERROR;
+       if (ldap_context->kcontext)
            krb5_set_error_message (ldap_context->kcontext, st, "%s",
                                    strerror(errno));
        goto err_out;
     }
-    
+
     if ((st=krb5_ldap_bind(ldap_context, ldap_server_handle)) == 0) {
        ldap_server_handle->server_info_update_pending = FALSE;
        server_info->server_status = ON;
        krb5_update_ldap_handle(ldap_server_handle, server_info);
     } else {
-        if (ldap_context->kcontext)
-            krb5_set_error_message (ldap_context->kcontext,
+       if (ldap_context->kcontext)
+           krb5_set_error_message (ldap_context->kcontext,
                                    KRB5_KDB_ACCESS_ERROR, "%s",
                                    ldap_err2string(st));
-        st = KRB5_KDB_ACCESS_ERROR;
+       st = KRB5_KDB_ACCESS_ERROR;
        server_info->server_status = OFF;
        time(&server_info->downtime);
        /* ldap_unbind_s(ldap_server_handle->ldap_handle); */
@@ -201,53 +201,53 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
 
     if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0)
        goto err_out;
-    
+
     ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
     ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &local_timelimit);
     ldap_set_option(NULL, LDAP_OPT_X_TLS, &tlsoption);
-    
+
     HNDL_LOCK(ldap_context);
     while (ldap_context->server_info_list[cnt] != NULL) {
        krb5_ldap_server_info *server_info=NULL;
-       
+
        server_info = ldap_context->server_info_list[cnt];
-       
+
        if (server_info->server_status == NOTSET) {
            int conns=0;
-           
+
            /*
             * Check if the server has to perform certificate-based authentication
             */
-           if(ldap_context->service_cert_path != NULL){
+           if (ldap_context->service_cert_path != NULL) {
                /* Find out if the server supports SASL EXTERNAL mechanism */
-               if(has_sasl_external_mech(context, server_info->server_name) == 1){
+               if (has_sasl_external_mech(context, server_info->server_name) == 1) {
                    cnt++;
                    sasl_mech_supported = FALSE;
                    continue; /* Check the next LDAP server */
                }
                sasl_mech_supported = TRUE;
            }
-          
-            krb5_clear_error_message(context);
+
+           krb5_clear_error_message(context);
+
            for (conns=0; conns < ldap_context->max_server_conns; ++conns) {
-             if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
-                 break;
+               if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
+                   break;
            } /* for (conn= ... */
 
-           if (server_info->server_status == ON) 
+           if (server_info->server_status == ON)
                break;  /* server init successful, so break */
        }
        ++cnt;
     }
     HNDL_UNLOCK(ldap_context);
 
- err_out:
+err_out:
     if (sasl_mech_supported == FALSE) {
-        st = KRB5_KDB_ACCESS_ERROR;
-        krb5_set_error_message (context, st,
-                             "Certificate based authentication requested but "
-                             "not supported by LDAP servers");
+       st = KRB5_KDB_ACCESS_ERROR;
+       krb5_set_error_message (context, st,
+                               "Certificate based authentication requested but "
+                               "not supported by LDAP servers");
     }
     return (st);
 }
@@ -268,25 +268,25 @@ krb5_ldap_db_single_init(krb5_ldap_context *ldap_context)
        server_info = ldap_context->server_info_list[cnt];
        if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
            if (server_info->num_conns < ldap_context->max_server_conns-1) {
-                st = krb5_ldap_initialize(ldap_context, server_info);
-               if (st == LDAP_SUCCESS) 
-                   goto cleanup; 
+               st = krb5_ldap_initialize(ldap_context, server_info);
+               if (st == LDAP_SUCCESS)
+                   goto cleanup;
            }
        }
        ++cnt;
     }
 
     /* If we are here, try to connect to all the servers */
-    
+
     cnt = 0;
     while (ldap_context->server_info_list[cnt] != NULL) {
        server_info = ldap_context->server_info_list[cnt];
        st = krb5_ldap_initialize(ldap_context, server_info);
-       if (st == LDAP_SUCCESS) 
+       if (st == LDAP_SUCCESS)
            goto cleanup;
        ++cnt;
     }
- cleanup:
+cleanup:
     return (st);
 }
 
@@ -304,7 +304,7 @@ krb5_ldap_rebind(ldap_context, ldap_server_handle)
        port = ldap_context->port;
     else
        port = LDAPS_PORT;
-    
+
     if ((handle->ldap_handle=ldap_init(handle->server_info->server_name, port)) == NULL
        || krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)
        return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
@@ -327,24 +327,24 @@ krb5_error_code krb5_ldap_lib_cleanup()
 
 
 
-krb5_error_code 
-krb5_ldap_close( krb5_context context)
+krb5_error_code
+krb5_ldap_close(krb5_context context)
 {
     kdb5_dal_handle  *dal_handle=NULL;
     krb5_ldap_context *ldap_context=NULL;
 
-    if (context == NULL || 
-       context->db_context == NULL || 
+    if (context == NULL ||
+       context->db_context == NULL ||
        ((kdb5_dal_handle *)context->db_context)->db_context == NULL)
-      return 0;
-  
+       return 0;
+
     dal_handle = (kdb5_dal_handle *) context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     dal_handle->db_context = NULL;
 
     if (ldap_context == NULL)
        return 0;
-  
+
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
 
@@ -355,6 +355,3 @@ krb5_ldap_close( krb5_context context)
 
     return 0;
 }
-
-
-
index 1f0462967040d071d4df79e1f0ad4bb679bc6772..d4c6ac832bc90ca853d780b0aadeeff1082caa3d 100644 (file)
@@ -1,14 +1,14 @@
 /*
  * lib/kdb/kdb_ldap/kdb_xdr.c
  *
- * Copyright 1995 by the Massachusetts Institute of Technology. 
+ * Copyright 1995 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -22,7 +22,7 @@
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  */
 
 #include <k5-int.h>
@@ -90,7 +90,7 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
     krb5_tl_data *tl_data;
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+       if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
            *ret_tl_data = *tl_data;
            return(0);
        }
@@ -115,7 +115,7 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
     krb5_octet          buf[4]; /* this is the encoded size of an int32 */
 
     tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
-    tl_data.tl_data_length = sizeof(buf); 
+    tl_data.tl_data_length = sizeof(buf);
     krb5_kdb_encode_int32((krb5_int32) stamp, buf);
     tl_data.tl_data_contents = buf;
 
@@ -136,7 +136,7 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
        return(code);
-    
+
     if (tl_data.tl_data_length != 4) {
        *stamp = 0;
        return(0);
@@ -166,7 +166,7 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
     char               * unparse_mod_princ = 0;
     unsigned int       unparse_mod_princ_size;
 
-    if ((retval = krb5_unparse_name(context, mod_princ, 
+    if ((retval = krb5_unparse_name(context, mod_princ,
                                    &unparse_mod_princ)))
        return(retval);
 
@@ -210,7 +210,7 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
        return(code);
-    
+
     if ((tl_data.tl_data_length < 5) ||
        (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
        return(KRB5_KDB_TRUNCATED_RECORD);
@@ -226,4 +226,3 @@ krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
 
     return(0);
 }
-
index e10c5dbf0ed0841d369acb68a45501f561d1e35d..d925c5f1ac3efbfa117e0f9a4fcb8744aa745a0e 100644 (file)
  *  OP_ABANDON => ldap_abandon
  */
 
-int translate_ldap_error(int err, int op){
+int translate_ldap_error(int err, int op) {
 
     switch (err) {
-       case LDAP_SUCCESS:
-           return 0;
-
-       case LDAP_OPERATIONS_ERROR:
-           /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
-            * unable to respond with a more specific error and is also unable
-            * to properly respond to a request */
-       case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
-           /* LDAP server was unable to satisfy a request because one or more
-            * critical extensions were not available */
+    case LDAP_SUCCESS:
+       return 0;
+
+    case LDAP_OPERATIONS_ERROR:
+       /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
+        * unable to respond with a more specific error and is also unable
+        * to properly respond to a request */
+    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
+       /* LDAP server was unable to satisfy a request because one or more
+        * critical extensions were not available */
        /* This might mean that the schema was not extended ... */
-       case LDAP_UNDEFINED_TYPE:
-           /* The attribute specified in the modify or add operation does not
-            * exist in the LDAP server's schema. */
-           return KRB5_KDB_INTERNAL_ERROR;
-
-
-       case LDAP_INAPPROPRIATE_MATCHING:
-           /* The matching rule specified in the search filter does not match a
-            * rule defined for the attribute's syntax */
-           return KRB5_KDB_UK_RERROR;
-
-       case LDAP_CONSTRAINT_VIOLATION:
-           /* The attribute value specified in a modify, add, or modify DN
-            * operation violates constraints placed on the attribute */
-       case LDAP_TYPE_OR_VALUE_EXISTS:
-           /* The attribute value specified in a modify or add operation
-            * already exists as a value for that attribute */
+    case LDAP_UNDEFINED_TYPE:
+       /* The attribute specified in the modify or add operation does not
+        * exist in the LDAP server's schema. */
+       return KRB5_KDB_INTERNAL_ERROR;
+
+
+    case LDAP_INAPPROPRIATE_MATCHING:
+       /* The matching rule specified in the search filter does not match a
+        * rule defined for the attribute's syntax */
+       return KRB5_KDB_UK_RERROR;
+
+    case LDAP_CONSTRAINT_VIOLATION:
+       /* The attribute value specified in a modify, add, or modify DN
+        * operation violates constraints placed on the attribute */
+    case LDAP_TYPE_OR_VALUE_EXISTS:
+       /* The attribute value specified in a modify or add operation
+        * already exists as a value for that attribute */
+       return KRB5_KDB_UK_SERROR;
+
+    case LDAP_INVALID_SYNTAX:
+       /* The attribute value specified in an add, compare, or modify
+        * operation is an unrecognized or invalid syntax for the attribute */
+       if (op == OP_ADD || op == OP_MOD)
            return KRB5_KDB_UK_SERROR;
-
-       case LDAP_INVALID_SYNTAX:
-           /* The attribute value specified in an add, compare, or modify
-            * operation is an unrecognized or invalid syntax for the attribute */
-           if (op == OP_ADD || op == OP_MOD)
-               return KRB5_KDB_UK_SERROR;
-           else /* OP_CMP */
-               return KRB5_KDB_UK_RERROR;
+       else /* OP_CMP */
+           return KRB5_KDB_UK_RERROR;
 
        /* Ensure that the following don't occur in the DAL-LDAP code.
         * Don't rely on the LDAP server to catch it */
-       case LDAP_SASL_BIND_IN_PROGRESS:
-           /* This is not an error. So, this function should not be called */
-       case LDAP_COMPARE_FALSE:
-       case LDAP_COMPARE_TRUE:
-           /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
-            * function should not be invoked for them */
-       case LDAP_RESULTS_TOO_LARGE: /* CLDAP */
-       case LDAP_TIMELIMIT_EXCEEDED:
-       case LDAP_SIZELIMIT_EXCEEDED:
-           return KRB5_KDB_SERVER_INTERNAL_ERR;
-
-       case LDAP_INVALID_DN_SYNTAX:
-           /* The syntax of the DN is incorrect */
-           return EINVAL;
-
-       case LDAP_PROTOCOL_ERROR:
-           /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
-            * invalid or malformed request from the client */
-       case LDAP_CONFIDENTIALITY_REQUIRED:
+    case LDAP_SASL_BIND_IN_PROGRESS:
+       /* This is not an error. So, this function should not be called */
+    case LDAP_COMPARE_FALSE:
+    case LDAP_COMPARE_TRUE:
+       /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
+        * function should not be invoked for them */
+    case LDAP_RESULTS_TOO_LARGE: /* CLDAP */
+    case LDAP_TIMELIMIT_EXCEEDED:
+    case LDAP_SIZELIMIT_EXCEEDED:
+       return KRB5_KDB_SERVER_INTERNAL_ERR;
+
+    case LDAP_INVALID_DN_SYNTAX:
+       /* The syntax of the DN is incorrect */
+       return EINVAL;
+
+    case LDAP_PROTOCOL_ERROR:
+       /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
+        * invalid or malformed request from the client */
+    case LDAP_CONFIDENTIALITY_REQUIRED:
 
        /* Bind problems ... */
-       case LDAP_AUTH_METHOD_NOT_SUPPORTED:
-//     case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ?
-       case LDAP_INAPPROPRIATE_AUTH:
-       case LDAP_INVALID_CREDENTIALS:
-       case LDAP_UNAVAILABLE:
+    case LDAP_AUTH_METHOD_NOT_SUPPORTED:
+/*     case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
+    case LDAP_INAPPROPRIATE_AUTH:
+    case LDAP_INVALID_CREDENTIALS:
+    case LDAP_UNAVAILABLE:
+       return KRB5_KDB_ACCESS_ERROR;
+
+    case LDAP_STRONG_AUTH_REQUIRED:
+       if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
            return KRB5_KDB_ACCESS_ERROR;
+       else /* Client requested an operation such that requires strong authentication */
+           return KRB5_KDB_CONSTRAINT_VIOLATION;
 
-       case LDAP_STRONG_AUTH_REQUIRED:
-           if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
-               return KRB5_KDB_ACCESS_ERROR;
-           else /* Client requested an operation such that requires strong authentication */
-               return KRB5_KDB_CONSTRAINT_VIOLATION;
+    case LDAP_REFERRAL:
+       return KRB5_KDB_NOENTRY;
 
-       case LDAP_REFERRAL:
-           return KRB5_KDB_NOENTRY;
-
-       case LDAP_ADMINLIMIT_EXCEEDED:
-           /* An LDAP server limit set by an administrative authority has been
-            * exceeded */
-           return KRB5_KDB_CONSTRAINT_VIOLATION;
-       case LDAP_UNWILLING_TO_PERFORM:
-           /* The LDAP server cannot process the request because of
-            * server-defined restrictions */
-           return KRB5_KDB_CONSTRAINT_VIOLATION;
+    case LDAP_ADMINLIMIT_EXCEEDED:
+       /* An LDAP server limit set by an administrative authority has been
+        * exceeded */
+       return KRB5_KDB_CONSTRAINT_VIOLATION;
+    case LDAP_UNWILLING_TO_PERFORM:
+       /* The LDAP server cannot process the request because of
+        * server-defined restrictions */
+       return KRB5_KDB_CONSTRAINT_VIOLATION;
 
 
-       case LDAP_NO_SUCH_ATTRIBUTE:
-           /* Indicates that the attribute specified in the modify or compare
-            * operation does not exist in the entry */
-           if (op == OP_MOD)
-               return KRB5_KDB_UK_SERROR;
-           else /* OP_CMP */
-               return KRB5_KDB_TRUNCATED_RECORD;
+    case LDAP_NO_SUCH_ATTRIBUTE:
+       /* Indicates that the attribute specified in the modify or compare
+        * operation does not exist in the entry */
+       if (op == OP_MOD)
+           return KRB5_KDB_UK_SERROR;
+       else /* OP_CMP */
+           return KRB5_KDB_TRUNCATED_RECORD;
 
 
-       case LDAP_ALIAS_DEREF_PROBLEM:
-           /* Either the client does not have access rights to read the aliased
-            * object's name or dereferencing is not allowed */
-       case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ?
-       case LDAP_INSUFFICIENT_ACCESS:
-           /* Caller does not have sufficient rights to perform the requested
-            * operation */
-           return KRB5_KDB_UNAUTH;
+    case LDAP_ALIAS_DEREF_PROBLEM:
+       /* Either the client does not have access rights to read the aliased
+        * object's name or dereferencing is not allowed */
+    case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ?
+    case LDAP_INSUFFICIENT_ACCESS:
+       /* Caller does not have sufficient rights to perform the requested
+        * operation */
+       return KRB5_KDB_UNAUTH;
 
-       case LDAP_LOOP_DETECT:
-           /* Client discovered an alias or referral loop */
-           return KRB5_KDB_DB_CORRUPT;
+    case LDAP_LOOP_DETECT:
+       /* Client discovered an alias or referral loop */
+       return KRB5_KDB_DB_CORRUPT;
 
-       default:
+    default:
 
-           if (LDAP_NAME_ERROR (err))
-               return KRB5_KDB_NOENTRY;
+       if (LDAP_NAME_ERROR (err))
+           return KRB5_KDB_NOENTRY;
 
-           if (LDAP_SECURITY_ERROR (err))
-               return KRB5_KDB_UNAUTH;
+       if (LDAP_SECURITY_ERROR (err))
+           return KRB5_KDB_UNAUTH;
 
-           if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
-               return KRB5_KDB_ACCESS_ERROR;
+       if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
+           return KRB5_KDB_ACCESS_ERROR;
 
-           if (LDAP_UPDATE_ERROR(err))
-               return KRB5_KDB_UK_SERROR;
+       if (LDAP_UPDATE_ERROR(err))
+           return KRB5_KDB_UK_SERROR;
 
-           /* LDAP_OTHER */
-           return KRB5_KDB_SERVER_INTERNAL_ERR;
+       /* LDAP_OTHER */
+       return KRB5_KDB_SERVER_INTERNAL_ERR;
     }
 }
index 79535829606e0d8c54c343b29a46fb37538ae181..c159f00145b36130c0b3807c6e0c04ad84ca2cf8 100644 (file)
  * get the master key from the database specific context
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_mkey (context, key)
-     krb5_context               context;  
-     krb5_keyblock              **key;
-  
+    krb5_context               context;
+    krb5_keyblock              **key;
+
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -49,8 +49,8 @@ krb5_ldap_get_mkey (context, key)
 
     dal_handle = (kdb5_dal_handle *) context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-    
-    if ( ldap_context == NULL || ldap_context->lrparams == NULL) 
+
+    if (ldap_context == NULL || ldap_context->lrparams == NULL)
        return KRB5_KDB_DBNOTINITED;
 
     *key = &ldap_context->lrparams->mkey;
@@ -62,7 +62,7 @@ krb5_ldap_get_mkey (context, key)
  * set the master key into the database specific context
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_set_mkey (context, pwd, key)
     krb5_context                context;
     char                        *pwd;
@@ -77,10 +77,10 @@ krb5_ldap_set_mkey (context, pwd, key)
 
     dal_handle = (kdb5_dal_handle *) context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-  
-    if ( ldap_context == NULL || ldap_context->lrparams == NULL)
-        return KRB5_KDB_DBNOTINITED;
-  
+
+    if (ldap_context == NULL || ldap_context->lrparams == NULL)
+       return KRB5_KDB_DBNOTINITED;
+
     r_params = ldap_context->lrparams;
 
     if (r_params->mkey.contents) {
@@ -92,9 +92,9 @@ krb5_ldap_set_mkey (context, pwd, key)
     r_params->mkey.enctype = key->enctype;
     r_params->mkey.length = key->length;
     r_params->mkey.contents = malloc(key->length);
-    if (r_params->mkey.contents == NULL) 
+    if (r_params->mkey.contents == NULL)
        return ENOMEM;
-  
+
     memcpy(r_params->mkey.contents, key->contents, key->length);
     return 0;
 }
index 4cc945f4a8ab08be8ac63fe47cd70409dcf175a3..6f8e73d0e20062ee34721dbba40b8defa22fd136 100644 (file)
 
 /*
  * Update the server info structure. In case of an asynchronous bind,
- * this function is called to check the bind status. A flag 
+ * this function is called to check the bind status. A flag
  * server_info_upate_pending is refered before calling this function.
- * This function sets the server_status to either ON or OFF and 
- * sets the server_info_udpate_pending to OFF. 
- * Do not lock the mutex here. The caller should lock it 
+ * This function sets the server_status to either ON or OFF and
+ * sets the server_info_udpate_pending to OFF.
+ * Do not lock the mutex here. The caller should lock it
  */
 
-static krb5_error_code 
+static krb5_error_code
 krb5_update_server_info(ldap_server_handle, server_info)
     krb5_ldap_server_handle    *ldap_server_handle;
     krb5_ldap_server_info      *server_info;
@@ -53,9 +53,9 @@ krb5_update_server_info(ldap_server_handle, server_info)
 
     if (ldap_server_handle == NULL || server_info == NULL)
        return -1;
-  
+
     while (st == 0) {
-       st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid, 
+       st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
                         LDAP_MSG_ALL, &ztime, &result);
        switch (st) {
        case -1:
@@ -66,18 +66,18 @@ krb5_update_server_info(ldap_server_handle, server_info)
        case 0:
            continue;
            break;
-           
+
        case LDAP_RES_BIND:
            if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
                server_info->server_status = ON;
            } else {
-/* ?? */       krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
+               /* ?? */        krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
                server_info->server_status = OFF;
                time(&server_info->downtime);
            }
            ldap_msgfree(result);
            break;
-       default: 
+       default:
            ldap_msgfree(result);
            continue;
            break;
@@ -88,9 +88,9 @@ krb5_update_server_info(ldap_server_handle, server_info)
 }
 #endif
 
-/* 
- * Return ldap server handle from the pool. If the pool is exhausted return NULL. 
- * Do not lock the mutex, caller should lock it 
+/*
+ * Return ldap server handle from the pool. If the pool is exhausted return NULL.
+ * Do not lock the mutex, caller should lock it
  */
 
 static krb5_ldap_server_handle *
@@ -100,7 +100,7 @@ krb5_get_ldap_handle(ldap_context)
     krb5_ldap_server_handle    *ldap_server_handle=NULL;
     krb5_ldap_server_info      *ldap_server_info=NULL;
     int                        cnt=0;
-    
+
     while (ldap_context->server_info_list[cnt] != NULL) {
        ldap_server_info = ldap_context->server_info_list[cnt];
        if (ldap_server_info->server_status != OFF) {
@@ -110,7 +110,7 @@ krb5_get_ldap_handle(ldap_context)
                break;
 #ifdef ASYNC_BIND
                if (ldap_server_handle->server_info_update_pending == TRUE) {
-                   krb5_update_server_info(context, ldap_server_handle, 
+                   krb5_update_server_info(context, ldap_server_handle,
                                            ldap_server_info);
                }
 
@@ -127,58 +127,58 @@ krb5_get_ldap_handle(ldap_context)
     return ldap_server_handle;
 }
 
-/* 
- * This is called incase krb5_get_ldap_handle returns NULL. 
+/*
+ * This is called incase krb5_get_ldap_handle returns NULL.
  * Try getting a single connection (handle) and return the same by
  * calling krb5_get_ldap_handle function.
- * Do not lock the mutex here. The caller should lock it 
+ * Do not lock the mutex here. The caller should lock it
  */
 
-static krb5_ldap_server_handle * 
+static krb5_ldap_server_handle *
 krb5_retry_get_ldap_handle(ldap_context, st)
     krb5_ldap_context          *ldap_context;
     krb5_error_code            *st;
 {
-    krb5_ldap_server_handle    *ldap_server_handle=NULL;   
+    krb5_ldap_server_handle    *ldap_server_handle=NULL;
 
-    if ((*st=krb5_ldap_db_single_init(ldap_context)) != 0) 
+    if ((*st=krb5_ldap_db_single_init(ldap_context)) != 0)
        return NULL;
-    
+
     ldap_server_handle = krb5_get_ldap_handle(ldap_context);
     return ldap_server_handle;
 }
 
 /*
- * Put back the ldap server handle to the front of the list of handles of the 
+ * Put back the ldap server handle to the front of the list of handles of the
  * ldap server info structure.
- * Do not lock the mutex here. The caller should lock it. 
+ * Do not lock the mutex here. The caller should lock it.
  */
 
-static krb5_error_code 
+static krb5_error_code
 krb5_put_ldap_handle(ldap_server_handle)
     krb5_ldap_server_handle    *ldap_server_handle;
 {
 
     if (ldap_server_handle == NULL)
        return 0;
-    
+
     ldap_server_handle->next = ldap_server_handle->server_info->ldap_server_handles;
     ldap_server_handle->server_info->ldap_server_handles = ldap_server_handle;
     return 0;
 }
 
-/* 
+/*
  * Add a new ldap server handle structure to the server info structure.
  * This function name can be changed to krb5_insert_ldap_handle.
- * Do not lock the mutex here. The caller should lock it 
+ * Do not lock the mutex here. The caller should lock it
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_update_ldap_handle(ldap_server_handle, server_info)
     krb5_ldap_server_handle    *ldap_server_handle;
     krb5_ldap_server_info      *server_info;
 {
-    
+
     if (ldap_server_handle == NULL || server_info == NULL)
        return 0;
 
@@ -190,7 +190,7 @@ krb5_update_ldap_handle(ldap_server_handle, server_info)
 }
 
 /*
- * Free up all the ldap server handles of the server info. 
+ * Free up all the ldap server handles of the server info.
  * This function is called when the ldap server returns LDAP_SERVER_DOWN.
  */
 
@@ -199,13 +199,13 @@ krb5_ldap_cleanup_handles(ldap_server_info)
     krb5_ldap_server_info      *ldap_server_info;
 {
     krb5_ldap_server_handle    *ldap_server_handle = NULL;
-    
+
     while (ldap_server_info->ldap_server_handles != NULL) {
        ldap_server_handle = ldap_server_info->ldap_server_handles;
        ldap_server_info->ldap_server_handles = ldap_server_handle->next;
        /* ldap_unbind_s(ldap_server_handle); */
        free (ldap_server_handle);
-       ldap_server_handle = NULL; 
+       ldap_server_handle = NULL;
     }
     return 0;
 }
@@ -214,13 +214,13 @@ krb5_ldap_cleanup_handles(ldap_server_info)
  * wrapper function called from outside to get a handle.
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
     krb5_ldap_context          *ldap_context;
     krb5_ldap_server_handle    **ldap_server_handle;
 {
     krb5_error_code            st=0;
-    
+
     *ldap_server_handle = NULL;
 
     HNDL_LOCK(ldap_context);
@@ -231,21 +231,21 @@ krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
 }
 
 /*
- * wrapper function wrapper called to get the next ldap server handle, when the current 
+ * wrapper function wrapper called to get the next ldap server handle, when the current
  * ldap server handle returns LDAP_SERVER_DOWN.
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle)
     krb5_ldap_context          *ldap_context;
     krb5_ldap_server_handle    **ldap_server_handle;
 {
     krb5_error_code            st=0;
-    
+
     HNDL_LOCK(ldap_context);
     (*ldap_server_handle)->server_info->server_status = OFF;
     time(&(*ldap_server_handle)->server_info->downtime);
-    krb5_put_ldap_handle(*ldap_server_handle);         
+    krb5_put_ldap_handle(*ldap_server_handle);
     krb5_ldap_cleanup_handles((*ldap_server_handle)->server_info);
 
     if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
@@ -263,7 +263,7 @@ krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle)
     krb5_ldap_context          *ldap_context;
     krb5_ldap_server_handle    *ldap_server_handle;
 {
-    
+
     if (ldap_server_handle != NULL) {
        HNDL_LOCK(ldap_context);
        krb5_put_ldap_handle(ldap_server_handle);
index 35e81cd4e226462ab0eadbc69bc5db0cffc1c3db..d784e0ff570dd3a3511e3b128fdaf9635c28f6ea 100644 (file)
@@ -39,39 +39,39 @@ char    *krbcontainerrefattr[] = {"krbContainerReference", NULL};
  *  Free the krb5_ldap_krbcontainer_params
  */
 
-void 
+void
 krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
 {
-    if(cparams == NULL)
+    if (cparams == NULL)
        return;
-    
+
     if (cparams->policyreference)
        krb5_xfree(cparams->policyreference);
-    
+
     if (cparams->parent)
        krb5_xfree(cparams->parent);
-    
+
     if (cparams->DN)
        krb5_xfree(cparams->DN);
-    
+
     krb5_xfree(cparams);
-    
+
     return;
 }
 
 /*
  * Read the kerberos container. Kerberos container dn is read from the krb5.conf file.
  * In case of eDirectory, if the dn is not present in the conf file, refer Security Container
- * to fetch the dn information. 
- * 
- * Reading kerberos container includes reading the policyreference attribute and the policy 
+ * to fetch the dn information.
+ *
+ * Reading kerberos container includes reading the policyreference attribute and the policy
  * object to read the attributes associated with it.
  */
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params( krb5_context       context, 
-                                   krb5_ldap_krbcontainer_params **cparamp)
-    
+krb5_ldap_read_krbcontainer_params(krb5_context        context,
+                                  krb5_ldap_krbcontainer_params **cparamp)
+
 {
     krb5_error_code                 st=0, tempst=0;
     LDAP                            *ld=NULL;
@@ -91,85 +91,85 @@ krb5_ldap_read_krbcontainer_params( krb5_context    context,
     /* read kerberos containter location from [dbmodules] section of krb5.conf file */
     if (ldap_context->conf_section) {
        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
-                                  "ldap_kerberos_container_dn", NULL, 
+                                  "ldap_kerberos_container_dn", NULL,
                                   &cparams->DN)) != 0) {
-            krb5_set_error_message(context, st, "Error reading kerberos container location "
-                    "from krb5.conf");
+           krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                  "from krb5.conf");
            goto cleanup;
        }
     }
-    
+
     /* read kerberos containter location from [dbdefaults] section of krb5.conf file */
     if (cparams->DN == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, 
-                                  "ldap_kerberos_container_dn", NULL, 
+       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                  "ldap_kerberos_container_dn", NULL,
                                   NULL, &cparams->DN)) != 0) {
-            krb5_set_error_message(context, st, "Error reading kerberos container location "
-                    "from krb5.conf");
+           krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                  "from krb5.conf");
            goto cleanup;
        }
     }
 
 #ifndef HAVE_EDIRECTORY
 /*
- * In case eDirectory, we can fall back to security container if the kerberos container location 
+ * In case eDirectory, we can fall back to security container if the kerberos container location
  * is missing in the conf file. In openldap we will have to return an error.
  */
     if (cparams->DN == NULL) {
-        st = KRB5_KDB_SERVER_INTERNAL_ERR;
-        krb5_set_error_message(context, st, "Kerberos container location not specified");
-        goto cleanup;
+       st = KRB5_KDB_SERVER_INTERNAL_ERR;
+       krb5_set_error_message(context, st, "Kerberos container location not specified");
+       goto cleanup;
     }
 #endif
 
     if (cparams->DN != NULL) {
-       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is 
+       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
         * not read
         */
        LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-            st = set_ldap_error(context, st, OP_SEARCH);
+           st = set_ldap_error(context, st, OP_SEARCH);
            goto cleanup;
        }
-       
+
        if (st == LDAP_NO_SUCH_OBJECT) {
-            st = KRB5_KDB_NOENTRY;
-            goto cleanup;
+           st = KRB5_KDB_NOENTRY;
+           goto cleanup;
        }
     }
-       
+
 #ifdef HAVE_EDIRECTORY
     /*
-     * If the kerberos location in the conf file is missing or invalid, fall back to the 
+     * If the kerberos location in the conf file is missing or invalid, fall back to the
      * security container. If the kerberos location in the security container is also missing
      * then fall back to the default value
      */
     if ((cparams->DN == NULL) || (st == LDAP_NO_SUCH_OBJECT)) {
-       /* 
+       /*
         * kerberos container can be anywhere. locate it by reading the security
         * container to find the location.
         */
        LDAP_SEARCH(SECURITY_CONTAINER, LDAP_SCOPE_BASE, NULL, krbcontainerrefattr);
        if ((ent = ldap_first_entry(ld, result)) != NULL) {
-           if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference", 
+           if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference",
                                         &(cparams->DN), NULL)) != 0)
                goto cleanup;
            if (cparams->DN == NULL) {
                cparams->DN = strdup(KERBEROS_CONTAINER);
                CHECK_NULL(cparams->DN);
            }
-       } 
+       }
        ldap_msgfree(result);
-       
-       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on 
+
+       /* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on
         * Kerberos Container is not read
         */
        LDAP_SEARCH(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute);
     }
 #endif
-       
-    if ((ent = ldap_first_entry(ld, result))) {  
-       if ((st=krb5_ldap_get_string(ld, ent, "krbpolicyreference", 
+
+    if ((ent = ldap_first_entry(ld, result))) {
+       if ((st=krb5_ldap_get_string(ld, ent, "krbpolicyreference",
                                     &(cparams->policyreference), NULL)) != 0)
            goto cleanup;
     }
@@ -183,21 +183,21 @@ krb5_ldap_read_krbcontainer_params( krb5_context  context,
        }
        st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
 
-       ent=ldap_first_entry(ld, result);       
+       ent=ldap_first_entry(ld, result);
        if (ent != NULL) {
            krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
            krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
-           krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));           
+           krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
        }
        ldap_msgfree(result);
     }
-    *cparamp=cparams;    
+    *cparamp=cparams;
 
- cleanup:
-    if(st != 0) {
+cleanup:
+    if (st != 0) {
        krb5_ldap_free_krbcontainer_params(cparams);
        *cparamp=NULL;
     }
-    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);    
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
index a13d1c7a547aa4cc2240b2e5c8495f543488b090..41cea5ff2a642f935b966c7a84f5a9c7917bc98c 100644 (file)
  */
 krb5_error_code
 krb5_ldap_read_server_params(context, conf_section, srv_type)
-     krb5_context               context;
-     char                       *conf_section;
-     int                        srv_type;
+    krb5_context               context;
+    char                       *conf_section;
+    int                        srv_type;
 {
     char                        *tempval=NULL, *save_ptr=NULL;
-    const char                  *delims="\t\n\f\v\r ,"; 
+    const char                  *delims="\t\n\f\v\r ,";
     krb5_error_code             st=0;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -56,16 +56,16 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* copy the conf_section into ldap_context for later use */
     if (conf_section) {
-      ldap_context->conf_section = strdup (conf_section);
-      if (ldap_context->conf_section == NULL) {
-       st = ENOMEM;
-       goto cleanup;
-      }
+       ldap_context->conf_section = strdup (conf_section);
+       if (ldap_context->conf_section == NULL) {
+           st = ENOMEM;
+           goto cleanup;
+       }
     }
 
     /* initialize the mutexs and condition variable */
     /* this portion logically doesn't fit here should be moved appropriately */
-    
+
     /* this mutex is used in ldap reconnection pool */
     if (k5_mutex_init(&(ldap_context->hndl_lock)) != 0) {
        st = KRB5_KDB_SERVER_INTERNAL_ERR;
@@ -79,105 +79,103 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * this parameter defines maximum ldap connections per ldap server
      */
     if (ldap_context->max_server_conns == 0) {
-       if ((st=profile_get_integer(context->profile, KDB_MODULE_SECTION, conf_section, 
-                                   "ldap_conns_per_server", 0, 
+       if ((st=profile_get_integer(context->profile, KDB_MODULE_SECTION, conf_section,
+                                   "ldap_conns_per_server", 0,
                                    (int *) &ldap_context->max_server_conns)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_conns_per_server' "
-                    "attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_conns_per_server' "
+                                   "attribute");
            goto cleanup;
        }
     }
-    
+
     /* if ldap port is not set read it from database module section of conf file */
     if (ldap_context->port == 0) {
-       if ((st=profile_get_integer(context->profile, KDB_MODULE_SECTION, conf_section, 
-                                   "ldap_ssl_port", 0, 
+       if ((st=profile_get_integer(context->profile, KDB_MODULE_SECTION, conf_section,
+                                   "ldap_ssl_port", 0,
                                    (int *) &ldap_context->port)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_ssl_port' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_ssl_port' attribute");
            goto cleanup;
        }
     }
-    
-    /* if the bind dn is not set read it from the database module section of conf file 
-     * this paramter is populated by one of the KDC, ADMIN or PASSWD dn to be used to connect 
+
+    /* if the bind dn is not set read it from the database module section of conf file
+     * this paramter is populated by one of the KDC, ADMIN or PASSWD dn to be used to connect
      * to LDAP server. the srv_type decides which dn to read.
      */
-    if( ldap_context->bind_dn == NULL ) {
-       
+    if (ldap_context->bind_dn == NULL) {
+
        if (srv_type == KRB5_KDB_SRV_TYPE_KDC) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
+           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
                                       "ldap_kdc_dn", NULL, &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kdc_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kdc_dn' attribute");
                goto cleanup;
            }
-       }
-       else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
+       } else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) {
+           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
                                       "ldap_kadmind_dn", NULL, &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kadmind_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kadmind_dn' attribute");
                goto cleanup;
            }
-       }
-       else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
+       } else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) {
+           if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
                                       "ldap_kpasswdd_dn", NULL, &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kpasswdd_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kpasswdd_dn' attribute");
                goto cleanup;
            }
        }
     }
 
     /* read service_password_file parameter from database module section of conf file
-     * this file contains stashed passwords of the KDC, ADMIN and PASSWD dns. 
+     * this file contains stashed passwords of the KDC, ADMIN and PASSWD dns.
      */
     if (ldap_context->service_password_file == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
-                                  "ldap_service_password_file", NULL, 
+       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
+                                  "ldap_service_password_file", NULL,
                                   &ldap_context->service_password_file)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_service_password_file' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_service_password_file' attribute");
            goto cleanup;
        }
     }
-      
+
     /* if root certificate file is not set read it from database module section of conf file
      * this is the trusted root certificate of the Directory.
-     */ 
+     */
     if (ldap_context->root_certificate_file == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
-                                  "ldap_root_certificate_file", NULL, 
+       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
+                                  "ldap_root_certificate_file", NULL,
                                   &ldap_context->root_certificate_file)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_root_certificate_file' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_root_certificate_file' attribute");
            goto cleanup;
        }
     }
-      
-    /* if the ldap server parameter is not set read the list of ldap servers:port from the 
-     * database module section of the conf file 
+
+    /* if the ldap server parameter is not set read the list of ldap servers:port from the
+     * database module section of the conf file
      */
-    
+
     if (ldap_context->server_info_list == NULL) {
        unsigned int ele=0;
-       
+
        server_info = &(ldap_context->server_info_list);
-       *server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, 
+       *server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1,
                                                          sizeof (krb5_ldap_server_info *));
-       
+
        if (*server_info == NULL) {
            st = ENOMEM;
            goto cleanup;
        }
-       
-       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section, 
+
+       if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
                                   "ldap_servers", NULL, &tempval)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
            goto cleanup;
        }
-       
+
        if (tempval == NULL) {
-           
-           (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1, 
+
+           (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
                                                                  sizeof(krb5_ldap_server_info));
-           
+
            (*server_info)[ele]->server_name = strdup("localhost");
            if ((*server_info)[ele]->server_name == NULL) {
                st = ENOMEM;
@@ -186,10 +184,10 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
            (*server_info)[ele]->server_status = NOTSET;
        } else {
            char *port=NULL, *server=NULL, *item=NULL;
-           
+
            item = strtok_r(tempval,delims,&save_ptr);
-           while(item != NULL && ele<SERV_COUNT){
-               (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1, 
+           while (item != NULL && ele<SERV_COUNT) {
+               (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
                                                                      sizeof(krb5_ldap_server_info));
                if ((*server_info)[ele] == NULL) {
                    st = ENOMEM;
@@ -214,14 +212,14 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
        }
     }
 
-    /* the same set of all the above parameters can be obtained from the dbdefaults section of 
+    /* the same set of all the above parameters can be obtained from the dbdefaults section of
      * conf file. Here read the missing parameters from [dbdefaults] section */
 
     if (ldap_context->max_server_conns == 0) {
-       if ((st=profile_get_integer(context->profile, KDB_MODULE_DEF_SECTION, 
-                                   "ldap_conns_per_server", NULL, DEFAULT_CONNS_PER_SERVER, 
+       if ((st=profile_get_integer(context->profile, KDB_MODULE_DEF_SECTION,
+                                   "ldap_conns_per_server", NULL, DEFAULT_CONNS_PER_SERVER,
                                    (int *) &ldap_context->max_server_conns)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_conns_per_server' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_conns_per_server' attribute");
            goto cleanup;
        }
     }
@@ -231,36 +229,34 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
        krb5_set_error_message (context, st, "Minimum connections required per server is 2");
        goto cleanup;
     }
-    
+
     if (ldap_context->port == 0) {
-       if ((st=profile_get_integer(context->profile, KDB_MODULE_DEF_SECTION, "ldap_ssl_port", 
+       if ((st=profile_get_integer(context->profile, KDB_MODULE_DEF_SECTION, "ldap_ssl_port",
                                    NULL, LDAPS_PORT, &ldap_context->port)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_ssl_port' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_ssl_port' attribute");
            goto cleanup;
        }
     }
 
-    if( ldap_context->bind_dn == NULL ) {
+    if (ldap_context->bind_dn == NULL) {
        if (srv_type == KRB5_KDB_SRV_TYPE_KDC) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, "ldap_kdc_dn", 
+           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, "ldap_kdc_dn",
                                       NULL, NULL, &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kdc_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kdc_dn' attribute");
                goto cleanup;
            }
-       }
-       else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, 
-                                      "ldap_kadmind_dn", NULL, NULL, 
+       } else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN) {
+           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                      "ldap_kadmind_dn", NULL, NULL,
                                       &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kadmind_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kadmind_dn' attribute");
                goto cleanup;
            }
-       }
-       else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) {
-           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, 
-                                      "ldap_kpasswdd_dn", NULL, NULL, 
+       } else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD) {
+           if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                      "ldap_kpasswdd_dn", NULL, NULL,
                                       &ldap_context->bind_dn)) != 0) {
-                krb5_set_error_message (context, st, "Error reading 'ldap_kpasswdd_dn' attribute");
+               krb5_set_error_message (context, st, "Error reading 'ldap_kpasswdd_dn' attribute");
                goto cleanup;
            }
        }
@@ -268,25 +264,25 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* read service_password_file value */
     if (ldap_context->service_password_file == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, 
-                                  "ldap_service_password_file", NULL, NULL, 
+       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                  "ldap_service_password_file", NULL, NULL,
                                   &ldap_context->service_password_file)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_service_passwd_file' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_service_passwd_file' attribute");
            goto cleanup;
        }
     }
-    
+
     /* read root certificate file value */
     if (ldap_context->root_certificate_file == NULL) {
-       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION, 
-                                  "ldap_root_certificate_file", NULL, NULL, 
+       if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                  "ldap_root_certificate_file", NULL, NULL,
                                   &ldap_context->root_certificate_file)) != 0) {
-            krb5_set_error_message (context, st, "Error reading 'ldap_root_certificate_file' attribute");
+           krb5_set_error_message (context, st, "Error reading 'ldap_root_certificate_file' attribute");
            goto cleanup;
        }
     }
-    
- cleanup:
+
+cleanup:
     return(st);
 }
 
@@ -303,9 +299,9 @@ krb5_ldap_free_server_params(ldap_context)
 
     if (ldap_context == NULL)
        return 0;
-    
+
     /* free all ldap servers list and the ldap handles associated with the ldap server */
-    if(ldap_context->server_info_list) {
+    if (ldap_context->server_info_list) {
        while (ldap_context->server_info_list[i]) {
            if (ldap_context->server_info_list[i]->server_name) {
                free (ldap_context->server_info_list[i]->server_name);
@@ -328,7 +324,7 @@ krb5_ldap_free_server_params(ldap_context)
        }
        krb5_xfree(ldap_context->server_info_list);
     }
-      
+
     if (ldap_context->conf_section != NULL) {
        krb5_xfree(ldap_context->conf_section);
        ldap_context->conf_section = NULL;
@@ -391,36 +387,36 @@ krb5_ldap_free_server_params(ldap_context)
 
 krb5_error_code
 is_principal_in_realm(ldap_context, searchfor)
-     krb5_ldap_context          *ldap_context;
-     krb5_const_principal       searchfor;
+    krb5_ldap_context          *ldap_context;
+    krb5_const_principal       searchfor;
 {
     int                         defrealmlen=0;
     char                        *defrealm=NULL;
-  
+
 #define FIND_MAX(a,b) ((a) > (b) ? (a) : (b))
 
     defrealmlen = strlen(ldap_context->lrparams->realm_name);
     defrealm = ldap_context->lrparams->realm_name;
-  
+
     /* care should be taken for inter-realm principals as the default realm can exist in the
-     * realm part of the principal name or can also exist in the second portion of the name part. 
-     * However, if the default realm exist in the second part of the principal portion, then the 
-     * first portion of the principal name SHOULD be "krbtgt". All this check is done in the 
+     * realm part of the principal name or can also exist in the second portion of the name part.
+     * However, if the default realm exist in the second part of the principal portion, then the
+     * first portion of the principal name SHOULD be "krbtgt". All this check is done in the
      * immediate block.
      */
-    if (searchfor->length == 2) 
-       if ((strncasecmp(searchfor->data[0].data, "krbtgt", 
-                        FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) && 
-           (strncasecmp(searchfor->data[1].data, defrealm, 
-                        FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0)) 
+    if (searchfor->length == 2)
+       if ((strncasecmp(searchfor->data[0].data, "krbtgt",
+                        FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
+           (strncasecmp(searchfor->data[1].data, defrealm,
+                        FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
            return 0;
-  
+
     /* first check the length, if they are not equal, then they are not same */
     if (strlen(defrealm) != searchfor->realm.length)
        return 1;
-  
+
     /* if the length is equal, check for the contents */
-    if (strncmp(defrealm, searchfor->realm.data, 
+    if (strncmp(defrealm, searchfor->realm.data,
                searchfor->realm.length) != 0)
        return 1;
     /* if we are here, then the realm portions match, return 0 */
@@ -429,8 +425,8 @@ is_principal_in_realm(ldap_context, searchfor)
 
 
 /*
- * Deduce the subtree information from the context. A realm can have atmost 2 subtrees. 
- * 1. the Realm container 
+ * Deduce the subtree information from the context. A realm can have atmost 2 subtrees.
+ * 1. the Realm container
  * 2. the actual subtree associated with the Realm
  *
  * However, there are some conditions to be considered to deduce the actual subtree/s associated
@@ -439,7 +435,7 @@ is_principal_in_realm(ldap_context, searchfor)
  *    the realm has only one subtree i.e [Root], i.e. whole of the tree.
  * 2. If the subtree information of the Realm is missing/absent, then the realm has only one
  *    i.e. the Realm container. NOTE: In call cases Realm container SHOULD be the one among the
- *    subtrees or the only one subtree. 
+ *    subtrees or the only one subtree.
  * 3. The subtree information of the realm is overlapping the realm container of the realm, then
  *    the realm has only one subtree and it is the subtree information associated with the realm.
  */
@@ -455,38 +451,38 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
     subtree = ldap_context->lrparams->subtree;
     realm_cont_dn = ldap_context->lrparams->realmdn;
 
-    /* 
-     * if subtree attribute value is [Root] of the tree which is represented by a "" 
+    /*
+     * if subtree attribute value is [Root] of the tree which is represented by a ""
      * (null) string, set the ntree value as 1 and do not fill the subtreearr value.
      * In eDirectory the [Root] can be represented as a "" (null) string, however this
-     * representation throws a "No such object" error in OpenLDAP. 
+     * representation throws a "No such object" error in OpenLDAP.
      * Representing [Root] of the tree as NULL pointer (i.e. no value) works in both case.
      */
     if (subtree == NULL || strcasecmp(subtree, "") == 0) {
        *ntree = 1;
        return 0;
     }
-       
-    /* 
-     * the subtree attribute value of the realm can be same as the realm container or can 
-     * even overlap. If the check is successful, then the subtree attribute value alone is 
+
+    /*
+     * the subtree attribute value of the realm can be same as the realm container or can
+     * even overlap. If the check is successful, then the subtree attribute value alone is
      * copied to the subtreearr array and the ntree value is set to 1.
      */
     lendiff = strlen(realm_cont_dn) - strlen(subtree);
     if (lendiff >= 0 && (strcasecmp(realm_cont_dn+lendiff, subtree)==0)) {
        subtreearr[0] = strdup(subtree);
-       if (subtreearr[0] == NULL) 
+       if (subtreearr[0] == NULL)
            return ENOMEM;
        *ntree = 1;
        return 0;
-    } 
-       
+    }
+
     /*
      * if the subtree attribute value of the realm and the realm container are different,
      * then both of the values are copied to subtreearr and ntree value is set to 2.
      */
     subtreearr[0] = strdup(realm_cont_dn);
-    if (subtreearr[0] == NULL) 
+    if (subtreearr[0] == NULL)
        return ENOMEM;
     subtreearr[1] = strdup(subtree);
     if (subtreearr[1] == NULL) {
@@ -500,7 +496,7 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
 
 /*
  * This function appends the content with a type into the tl_data structure. Based on the type
- * the length of the content is either pre-defined or computed from the content. 
+ * the length of the content is either pre-defined or computed from the content.
  * Returns 0 in case of success and 1 if the type associated with the content is undefined.
  */
 
@@ -513,116 +509,115 @@ store_tl_data(tl_data, tl_type, value)
     unsigned int                currlen=0, tldatalen=0;
     char                        *curr=NULL;
     void                        *reallocptr=NULL;
-  
+
     tl_data->tl_data_type = KDB_TL_USER_INFO;
-    switch(tl_type)
-    {
+    switch (tl_type) {
     case KDB_TL_PRINCCOUNT:
     case KDB_TL_PRINCTYPE:
     case KDB_TL_MASK:
     {
-       int *iptr = (int *)value;
-       int ivalue = *iptr;
-       
-       currlen = tl_data->tl_data_length;
-       tl_data->tl_data_length += 1 + 2 + 2;
+       int *iptr = (int *)value;
+       int ivalue = *iptr;
+
+       currlen = tl_data->tl_data_length;
+       tl_data->tl_data_length += 1 + 2 + 2;
        /* allocate required memory */
-       reallocptr = tl_data->tl_data_contents;
-       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents, 
-                                           tl_data->tl_data_length);
-       if (tl_data->tl_data_contents == NULL) {
-           if (reallocptr)
-               free (reallocptr);
-           return ENOMEM;
-       }
-       curr = (char *) (tl_data->tl_data_contents + currlen);
-       
+       reallocptr = tl_data->tl_data_contents;
+       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                           tl_data->tl_data_length);
+       if (tl_data->tl_data_contents == NULL) {
+           if (reallocptr)
+               free (reallocptr);
+           return ENOMEM;
+       }
+       curr = (char *) (tl_data->tl_data_contents + currlen);
+
        /* store the tl_type value */
-       memset(curr, tl_type, 1);
-       curr += 1;
+       memset(curr, tl_type, 1);
+       curr += 1;
        /* store the content length */
-       tldatalen = 2;
-       STORE16_INT(curr, tldatalen);
-       curr += 2;
+       tldatalen = 2;
+       STORE16_INT(curr, tldatalen);
+       curr += 2;
        /* store the content */
-       STORE16_INT(curr, ivalue);      
-       curr += 2;
+       STORE16_INT(curr, ivalue);
+       curr += 2;
        break;
     }
 
     case KDB_TL_USERDN:
     case KDB_TL_TKTPOLICYDN:
     {
-       char *cptr = (char *)value;
-       
-       currlen = tl_data->tl_data_length;
-       tl_data->tl_data_length += 1 + 2 + strlen(cptr);
-       /* allocate required memory */  
-       reallocptr = tl_data->tl_data_contents;
-       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents, 
-                                           tl_data->tl_data_length);
-       if (tl_data->tl_data_contents == NULL) {
-           if (reallocptr)
-               free (reallocptr);
-           return ENOMEM;
-       }
-       curr = (char *) (tl_data->tl_data_contents + currlen);
-       
+       char *cptr = (char *)value;
+
+       currlen = tl_data->tl_data_length;
+       tl_data->tl_data_length += 1 + 2 + strlen(cptr);
+       /* allocate required memory */
+       reallocptr = tl_data->tl_data_contents;
+       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                           tl_data->tl_data_length);
+       if (tl_data->tl_data_contents == NULL) {
+           if (reallocptr)
+               free (reallocptr);
+           return ENOMEM;
+       }
+       curr = (char *) (tl_data->tl_data_contents + currlen);
+
        /* store the tl_type value */
-       memset(curr, tl_type, 1);
-       curr += 1;
+       memset(curr, tl_type, 1);
+       curr += 1;
        /* store the content length */
-       tldatalen = strlen(cptr);
-       STORE16_INT(curr, tldatalen);
-       curr += 2;
+       tldatalen = strlen(cptr);
+       STORE16_INT(curr, tldatalen);
+       curr += 2;
        /* store the content */
-       memcpy(curr, cptr, tldatalen);
-       curr += tldatalen;
-       break;
+       memcpy(curr, cptr, tldatalen);
+       curr += tldatalen;
+       break;
     }
 
     case KDB_TL_KEYINFO:
     {
-       struct berval *key = (struct berval *)value;
-       
-       currlen = tl_data->tl_data_length;
-       tl_data->tl_data_length += 1 + 2 + key->bv_len;
+       struct berval *key = (struct berval *)value;
+
+       currlen = tl_data->tl_data_length;
+       tl_data->tl_data_length += 1 + 2 + key->bv_len;
        /* allocate required memory */
-       reallocptr = tl_data->tl_data_contents;
-       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents, 
-                                           tl_data->tl_data_length);
-       if (tl_data->tl_data_contents == NULL) {
-           if (reallocptr)
-               free (reallocptr);
-           return ENOMEM;
-       }
-       curr = (char *) (tl_data->tl_data_contents + currlen);
-       
+       reallocptr = tl_data->tl_data_contents;
+       tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                           tl_data->tl_data_length);
+       if (tl_data->tl_data_contents == NULL) {
+           if (reallocptr)
+               free (reallocptr);
+           return ENOMEM;
+       }
+       curr = (char *) (tl_data->tl_data_contents + currlen);
+
        /* store the tl_type value */
-       memset(curr, tl_type, 1);
-       curr += 1;
+       memset(curr, tl_type, 1);
+       curr += 1;
        /* store the content length */
-       tldatalen = key->bv_len;
-       STORE16_INT(curr, tldatalen);
-       curr += 2;
+       tldatalen = key->bv_len;
+       STORE16_INT(curr, tldatalen);
+       curr += 2;
        /* store the content */
-       memcpy(curr, key->bv_val, key->bv_len);
-       curr += tldatalen;
-       break;
+       memcpy(curr, key->bv_val, key->bv_len);
+       curr += tldatalen;
+       break;
     }
-    
+
     default:
        return 1;
-    
+
     }
     return 0;
 }
 
 /*
- * This function scans the tl_data structure to get the value of a type defined by the tl_type 
- * (second parameter). The tl_data structure has all the data in the tl_data_contents member. 
+ * This function scans the tl_data structure to get the value of a type defined by the tl_type
+ * (second parameter). The tl_data structure has all the data in the tl_data_contents member.
  * The format of the tl_data_contents is as follows.
- * The first byte defines the type of the content that follows. The next 2 bytes define the 
+ * The first byte defines the type of the content that follows. The next 2 bytes define the
  * size n (in terms of bytes) of the content that follows. The next n bytes define the content
  * itself.
  */
@@ -638,22 +633,22 @@ decode_tl_data(tl_data, tl_type, data)
     unsigned char               *curr=NULL;
     int                         *intptr=NULL;
     long                        *longptr=NULL;
-    char                        *DN=NULL;  
+    char                        *DN=NULL;
     krb5_boolean                keyfound=FALSE;
     KEY                         *secretkey = NULL;
 
     *data = NULL;
 
     curr = tl_data->tl_data_contents;
-    while(curr < (tl_data->tl_data_contents + tl_data->tl_data_length)) {
+    while (curr < (tl_data->tl_data_contents + tl_data->tl_data_length)) {
 
        /* get the type of the content */
        subtype = (int) curr[0];
        /* forward by 1 byte*/
        curr += 1;
-    
+
        if (subtype == tl_type) {
-           switch(subtype) {
+           switch (subtype) {
 
            case KDB_TL_PRINCCOUNT:
            case KDB_TL_PRINCTYPE:
@@ -664,16 +659,16 @@ decode_tl_data(tl_data, tl_type, data)
                curr += 2;
                /* get the actual content */
                if (sublen == 2) {
-                 /* intptr = malloc(sublen);     */
+                   /* intptr = malloc(sublen);   */
                    intptr = malloc(sizeof(krb5_int32));
-                   if (intptr == NULL) 
+                   if (intptr == NULL)
                        return ENOMEM;
                    memset(intptr, 0, sublen);
                    UNSTORE16_INT(curr, (*intptr));
                    *data = intptr;
-               } else { 
-                   longptr = malloc(sublen);     
-                   if (longptr == NULL) 
+               } else {
+                   longptr = malloc(sublen);
+                   if (longptr == NULL)
                        return ENOMEM;
                    memset(longptr, 0, sublen);
                    UNSTORE32_INT(curr, (*longptr));
@@ -712,18 +707,18 @@ decode_tl_data(tl_data, tl_type, data)
                        return ENOMEM;
                    secretkey->nkey = 0;
                    secretkey->keys = NULL;
-                   secretkey->keys = realloc(secretkey->keys, 
-                                             sizeof(*(secretkey->keys)) * (limit));      
+                   secretkey->keys = realloc(secretkey->keys,
+                                             sizeof(*(secretkey->keys)) * (limit));
                    if (secretkey->keys == NULL)
                        return ENOMEM;
                    memset(secretkey->keys, 0, sizeof (*(secretkey->keys)) * (limit));
                }
-               if ( i == limit-1) {
+               if (i == limit-1) {
                    limit *= 2;
-                   secretkey->keys = realloc(secretkey->keys, 
+                   secretkey->keys = realloc(secretkey->keys,
                                              sizeof(*(secretkey->keys)) * (limit));
                    if (secretkey->keys == NULL)
-                        return ENOMEM;
+                       return ENOMEM;
                    memset(secretkey->keys+i, 0, sizeof (*(secretkey->keys)) * (limit-i));
                }
 
@@ -751,13 +746,13 @@ decode_tl_data(tl_data, tl_type, data)
     if (tl_type == KDB_TL_KEYINFO) {
        if (keyfound)
            return 0;
-       else 
+       else
            return EINVAL;
     }
     return EINVAL;
 }
 
-/* 
+/*
  * wrapper routines for decode_tl_data
  */
 static krb5_error_code
@@ -771,23 +766,23 @@ krb5_get_int_from_tl_data(context, entries, type, intval)
     krb5_tl_data                tl_data;
     void                        *voidptr=NULL;
     int                         *intptr=NULL;
-    
+
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
        goto cleanup;
-    
+
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
        intptr = (int *) voidptr;
        *intval = *intptr;
        free(intptr);
     }
 
- cleanup:
+cleanup:
     return st;
 }
 
 /*
- * get the mask representing the attributes set on the directory object (user, policy ...) 
+ * get the mask representing the attributes set on the directory object (user, policy ...)
  */
 krb5_error_code
 krb5_get_attributes_mask(context, entries, mask)
@@ -825,16 +820,16 @@ krb5_get_secretkeys(context, entries, secretkey)
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
     void                        *voidptr=NULL;
-    
+
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
        goto cleanup;
-    
+
     if (decode_tl_data(&tl_data, KDB_TL_KEYINFO, &voidptr) == 0) {
        *secretkey = (KEY *) voidptr;
     }
 
- cleanup:
+cleanup:
     return st;
 }
 
@@ -848,7 +843,7 @@ krb5_get_str_from_tl_data(context, entries, type, strval)
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
     void                        *voidptr=NULL;
-    
+
     if (type != KDB_TL_USERDN && type != KDB_TL_CONTAINERDN && type != KDB_TL_TKTPOLICYDN) {
        st = EINVAL;
        goto cleanup;
@@ -857,12 +852,12 @@ krb5_get_str_from_tl_data(context, entries, type, strval)
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
        goto cleanup;
-    
+
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
        *strval = (char *) voidptr;
     }
 
- cleanup:
+cleanup:
     return st;
 }
 
@@ -896,10 +891,10 @@ krb5_get_policydn(context, entries, policydn)
     return krb5_get_str_from_tl_data(context, entries, KDB_TL_TKTPOLICYDN, policydn);
 }
 /*
- * This function reads the attribute values (if the attribute is non-null) from the dn. 
+ * This function reads the attribute values (if the attribute is non-null) from the dn.
  * The read attribute values is compared aganist the attrvalues passed to the function
  * and a bit mask is set for all the matching attributes (attributes existing in both list).
- * The bit to be set is selected such that the index of the attribute in the attrvalues 
+ * The bit to be set is selected such that the index of the attribute in the attrvalues
  * parameter is the position of the bit.
  * For ex: the first element in the attrvalues is present in both list shall set the LSB of the
  * bit mask.
@@ -917,16 +912,16 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
     int                         *mask;
 {
     int                         st=0, one=1;
-    char                        **values=NULL, *attributes[2] = {NULL}; 
+    char                        **values=NULL, *attributes[2] = {NULL};
     LDAPMessage                 *result=NULL, *entry=NULL;
-  
+
     if (strlen(dn) == 0)
-      return LDAP_NO_SUCH_OBJECT;
+       return LDAP_NO_SUCH_OBJECT;
 
     attributes[0] = attribute;
 
     /* read the attribute values from the dn */
-    if((st = ldap_search_ext_s( ld,
+    if ((st = ldap_search_ext_s(ld,
                                dn,
                                LDAP_SCOPE_BASE,
                                0,
@@ -937,11 +932,11 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
                                &timelimit,
                                LDAP_NO_LIMIT,
                                &result)) != LDAP_SUCCESS) {
-        st = set_ldap_error(0, st, OP_SEARCH);
+       st = set_ldap_error(0, st, OP_SEARCH);
        return st;
     }
-  
-    /* 
+
+    /*
      * If the attribute/attrvalues is NULL, then check for the existence of the object alone
      */
     if (attribute == NULL || attrvalues == NULL)
@@ -950,17 +945,17 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
     /* reset the bit mask */
     *mask = 0;
 
-    if((entry=ldap_first_entry(ld, result)) != NULL) {
+    if ((entry=ldap_first_entry(ld, result)) != NULL) {
        /* read the attribute values */
-       if((values=ldap_get_values(ld, entry, attribute)) != NULL) {
+       if ((values=ldap_get_values(ld, entry, attribute)) != NULL) {
            int i,j;
-           
-           /* compare the read attribute values with the attrvalues array and set the 
-            * appropriate bit mask 
+
+           /* compare the read attribute values with the attrvalues array and set the
+            * appropriate bit mask
             */
-           for(j=0; attrvalues[j]; ++j) {
-               for(i=0; values[i]; ++i) {
-                   if(strcasecmp(values[i], attrvalues[j]) == 0) {
+           for (j=0; attrvalues[j]; ++j) {
+               for (i=0; values[i]; ++i) {
+                   if (strcasecmp(values[i], attrvalues[j]) == 0) {
                        *mask |= (one<<j);
                        break;
                    }
@@ -969,20 +964,20 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
            ldap_value_free(values);
        }
     }
-    
- cleanup:
+
+cleanup:
     ldap_msgfree(result);
     return st;
 }
 
 
 /*
- * This function updates a single attribute with a single value of a specified dn. 
+ * This function updates a single attribute with a single value of a specified dn.
  * This function is mainly used to update krbRealmReferences, krbKdcServers, krbAdminServers...
  * when KDC, ADMIN, PASSWD servers are associated with some realms or vice versa.
  */
 
-krb5_error_code 
+krb5_error_code
 updateAttribute (ld, dn, attribute, value)
     LDAP                        *ld;
     char                        *dn;
@@ -991,7 +986,7 @@ updateAttribute (ld, dn, attribute, value)
 {
     int                         st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
-    char                        *values[2]={NULL}; 
+    char                        *values[2]={NULL};
 
     values[0] = value;
 
@@ -1001,11 +996,11 @@ updateAttribute (ld, dn, attribute, value)
     modAttr.mod_op = LDAP_MOD_ADD;
     modAttr.mod_values = values;
     mods[0] = &modAttr;
-  
+
     /* ldap modify operation */
     st = ldap_modify_s(ld, dn, mods);
 
-    /* if the {attr,attrval} combination is already present return a success 
+    /* if the {attr,attrval} combination is already present return a success
      * LDAP_ALREADY_EXISTS is for single-valued attribute
      * LDAP_TYPE_OR_VALUE_EXISTS is for multi-valued attribute
      */
@@ -1013,19 +1008,19 @@ updateAttribute (ld, dn, attribute, value)
        st = 0;
 
     if (st != 0) {
-        st = set_ldap_error (0, st, OP_MOD);
+       st = set_ldap_error (0, st, OP_MOD);
     }
-    
+
     return st;
 }
-   
+
 /*
- * This function deletes a single attribute with a single value of a specified dn. 
+ * This function deletes a single attribute with a single value of a specified dn.
  * This function is mainly used to delete krbRealmReferences, krbKdcServers, krbAdminServers...
  * when KDC, ADMIN, PASSWD servers are disassociated with some realms or vice versa.
  */
 
-krb5_error_code 
+krb5_error_code
 deleteAttribute (ld, dn, attribute, value)
     LDAP                        *ld;
     char                        *dn;
@@ -1034,7 +1029,7 @@ deleteAttribute (ld, dn, attribute, value)
 {
     krb5_error_code             st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
-    char                        *values[2]={NULL}; 
+    char                        *values[2]={NULL};
 
     values[0] = value;
 
@@ -1044,24 +1039,24 @@ deleteAttribute (ld, dn, attribute, value)
     modAttr.mod_op = LDAP_MOD_DELETE;
     modAttr.mod_values = values;
     mods[0] = &modAttr;
-  
+
     /* ldap modify operation */
     st = ldap_modify_s(ld, dn, mods);
-    
+
     /* if either the attribute or the attribute value is missing return a success */
     if (st == LDAP_NO_SUCH_ATTRIBUTE || st == LDAP_UNDEFINED_TYPE)
        st = 0;
-   
+
     if (st != 0) {
        st = set_ldap_error (0, st, OP_MOD);
     }
-    
+
     return st;
 }
 
 
 /*
- * This function takes in 2 string arrays, compares them to remove the matching entries. 
+ * This function takes in 2 string arrays, compares them to remove the matching entries.
  * The first array is the original list and the second array is the modified list. Removing
  * the matching entries will result in a reduced array, where the left over first array elements
  * are the deleted entries and the left over second array elements are the added entries.
@@ -1078,33 +1073,33 @@ disjoint_members(src, dest)
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
        return 0;
-    
+
     /* compute the first array length */
-    for (i=0;src[i]; ++i) 
+    for (i=0;src[i]; ++i)
        ;
-    
+
     /* return if the length is 0 */
-    if (i==0)  
+    if (i==0)
        return 0;
 
     /* index of the last element and also the length of the array */
     slen = i-1;
 
     /* compute the second array length */
-    for (i=0;dest[i]; ++i) 
+    for (i=0;dest[i]; ++i)
        ;
 
     /* return if the length is 0 */
     if (i==0)
        return 0;
-  
+
     /* index of the last element and also the length of the array */
     dlen = i-1;
-  
+
     /* check for the similar elements and delete them from both the arrays */
-    for(i=0; src[i]; ++i) {
+    for (i=0; src[i]; ++i) {
 
-       for(j=0; dest[j]; ++j) {
+       for (j=0; dest[j]; ++j) {
 
            /* if the element are same */
            if (strcasecmp(src[i], dest[j]) == 0) {
@@ -1122,19 +1117,19 @@ disjoint_members(src, dest)
                }
                /* reduce the array length by 1 */
                slen -= 1;
-       
+
                /* repeat the same processing for the second array too */
                if (j != dlen) {
                    free(dest[j]);
                    dest[j] = dest[dlen];
                    dest[dlen] = NULL;
-               } else { 
+               } else {
                    free(dest[j]);
                    dest[j] = NULL;
                }
                dlen -=1;
 
-               /* the source array is reduced by 1, so reduce the index variable used for 
+               /* the source array is reduced by 1, so reduce the index variable used for
                 * source array by 1. No need to adjust the second array index variable as
                 * it is reset while entering the inner loop
                 */
@@ -1152,7 +1147,7 @@ disjoint_members(src, dest)
  * for later use.
  */
 
-krb5_error_code 
+krb5_error_code
 copy_arrays(src, dest, count)
     char                        **src;
     char                        ***dest;
@@ -1163,8 +1158,8 @@ copy_arrays(src, dest, count)
 
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
-      return 0;
-    
+       return 0;
+
     /* allocate memory for the dest array */
     *dest = (char **) calloc((unsigned) count+1, sizeof(char *));
     if (*dest == NULL) {
@@ -1181,11 +1176,11 @@ copy_arrays(src, dest, count)
        }
     }
 
- cleanup:
+cleanup:
     /* in case of error free up everything and return */
     if (st != 0) {
        if (*dest != NULL) {
-           for(i=0; (*dest)[i]; ++i) {
+           for (i=0; (*dest)[i]; ++i) {
                free ((*dest)[i]);
                (*dest)[i] = NULL;
            }
@@ -1218,7 +1213,7 @@ getepochtime(strtime, epochtime)
  * The retval is 0 if the attribute is missing.
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_value(ld, ent, attribute, retval)
     LDAP                        *ld;
     LDAPMessage                 *ent;
@@ -1239,11 +1234,11 @@ krb5_ldap_get_value(ld, ent, attribute, retval)
 }
 
 /*
- * krb5_ldap_get_string() - Returns the first string of the attribute. Intended to 
+ * krb5_ldap_get_string() - Returns the first string of the attribute. Intended to
  *
  *
  */
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
     LDAP                        *ld;
     LDAPMessage                 *ent;
@@ -1256,7 +1251,7 @@ krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
 
     *retstr = NULL;
     if (attr_present != NULL)
-      *attr_present = FALSE;
+       *attr_present = FALSE;
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
@@ -1272,7 +1267,7 @@ krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
     return st;
 }
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
     LDAP                        *ld;
     LDAPMessage                 *ent;
@@ -1299,24 +1294,24 @@ krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
 
 /*
  * Function to allocate, set the values of LDAPMod structure. The LDAPMod structure is then
- * added to the array at the ind 
+ * added to the array at the ind
  */
 
-krb5_error_code 
+krb5_error_code
 krb5_add_member(mods, count)
-     LDAPMod          ***mods;
-     int              *count;
+    LDAPMod          ***mods;
+    int              *count;
 {
     int i=0;
     LDAPMod **lmods=NULL;
-    
+
     if ((*mods) != NULL) {
-      for (;(*mods)[i] != NULL; ++i)
-       ;
-    }  
+       for (;(*mods)[i] != NULL; ++i)
+           ;
+    }
     lmods = (LDAPMod **) realloc((*mods), (2+i) * sizeof(LDAPMod *));
     if (lmods == NULL)
-      return ENOMEM;
+       return ENOMEM;
 
     *mods = lmods;
     (*mods)[i+1] = NULL;
@@ -1328,77 +1323,77 @@ krb5_add_member(mods, count)
 }
 
 krb5_error_code
-krb5_add_str_mem_ldap_mod(mods, attribute, op, values) 
-     LDAPMod  ***mods;
-     char     *attribute;
-     int      op;
-     char     **values;
+krb5_add_str_mem_ldap_mod(mods, attribute, op, values)
+    LDAPMod  ***mods;
+    char     *attribute;
+    int      op;
+    char     **values;
 
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-      return st;
-    
+       return st;
+
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-      return ENOMEM;
+       return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     if (values != NULL) {
-      for (j=0; values[j] != NULL; ++j)
-       ;
-      (*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));  
-      if ((*mods)[i]->mod_values == NULL)
-         return ENOMEM;
-      
-      for (j=0; values[j] != NULL; ++j) {
-       (*mods)[i]->mod_values[j] = strdup(values[j]);      
-       if ((*mods)[i]->mod_values[j] == NULL)
+       for (j=0; values[j] != NULL; ++j)
+           ;
+       (*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));
+       if ((*mods)[i]->mod_values == NULL)
            return ENOMEM;
-      }
-      (*mods)[i]->mod_values[j] = NULL;
+
+       for (j=0; values[j] != NULL; ++j) {
+           (*mods)[i]->mod_values[j] = strdup(values[j]);
+           if ((*mods)[i]->mod_values[j] == NULL)
+               return ENOMEM;
+       }
+       (*mods)[i]->mod_values[j] = NULL;
     }
     return 0;
 }
 
 krb5_error_code
-krb5_add_ber_mem_ldap_mod(mods, attribute, op, ber_values) 
-     LDAPMod  ***mods;
-     char     *attribute;
-     int      op;
-     struct berval **ber_values;
+krb5_add_ber_mem_ldap_mod(mods, attribute, op, ber_values)
+    LDAPMod  ***mods;
+    char     *attribute;
+    int      op;
+    struct berval **ber_values;
 
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-      return st;
-    
+       return st;
+
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-      return ENOMEM;
+       return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; ber_values[j] != NULL; ++j)
-      ;
-    (*mods)[i]->mod_bvalues = malloc (sizeof(struct berval *) * (j+1));  
+       ;
+    (*mods)[i]->mod_bvalues = malloc (sizeof(struct berval *) * (j+1));
     if ((*mods)[i]->mod_bvalues == NULL)
        return ENOMEM;
-    
+
     for (j=0; ber_values[j] != NULL; ++j) {
        (*mods)[i]->mod_bvalues[j] = calloc(1, sizeof(struct berval));
        if ((*mods)[i]->mod_bvalues[j] == NULL)
            return ENOMEM;
 
-       (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;      
+       (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
        (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
        if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
            return ENOMEM;
 
-       memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val, 
+       memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
               ber_values[j]->bv_len);
     }
     (*mods)[i]->mod_bvalues[j] = NULL;
@@ -1414,29 +1409,29 @@ format_d (int val)
 }
 
 krb5_error_code
-krb5_add_int_arr_mem_ldap_mod(mods, attribute, op, value) 
-     LDAPMod  ***mods;
-     char     *attribute;
-     int      op;
-     int      *value;
+krb5_add_int_arr_mem_ldap_mod(mods, attribute, op, value)
+    LDAPMod  ***mods;
+    char     *attribute;
+    int      op;
+    int      *value;
 
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-      return st;
+       return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-      return ENOMEM;
+       return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; value[j] != -1; ++j)
-      ;
+       ;
+
+    (*mods)[i]->mod_values = malloc(sizeof(char *) * (j+1));
 
-    (*mods)[i]->mod_values = malloc(sizeof(char *) * (j+1));  
-    
     for (j=0; value[j] != -1; ++j) {
        if (((*mods)[i]->mod_values[j] = format_d(value[j])) == NULL)
            return ENOMEM;
@@ -1446,22 +1441,22 @@ krb5_add_int_arr_mem_ldap_mod(mods, attribute, op, value)
 }
 
 krb5_error_code
-krb5_add_int_mem_ldap_mod(mods, attribute, op, value) 
-     LDAPMod  ***mods;
-     char     *attribute;
-     int      op;
-     int      value;
+krb5_add_int_mem_ldap_mod(mods, attribute, op, value)
+    LDAPMod  ***mods;
+    char     *attribute;
+    int      op;
+    int      value;
 
 {
     int i=0;
     krb5_error_code      st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-      return st;
-    
+       return st;
+
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-      return ENOMEM;
+       return ENOMEM;
 
     (*mods)[i]->mod_op = op;
     (*mods)[i]->mod_values = calloc (2, sizeof(char *));
@@ -1471,50 +1466,50 @@ krb5_add_int_mem_ldap_mod(mods, attribute, op, value)
 }
 
 krb5_error_code
-krb5_ldap_set_option( krb5_context kcontext, int option, void *value )
+krb5_ldap_set_option(krb5_context kcontext, int option, void *value)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
 krb5_error_code
-krb5_ldap_lock( krb5_context kcontext, int mode )
+krb5_ldap_lock(krb5_context kcontext, int mode)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
 krb5_error_code
-krb5_ldap_unlock( krb5_context kcontext )
+krb5_ldap_unlock(krb5_context kcontext)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
 krb5_error_code
-krb5_ldap_supported_realms( krb5_context kcontext, char **realms )
+krb5_ldap_supported_realms(krb5_context kcontext, char **realms)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
 krb5_error_code
-krb5_ldap_free_supported_realms( krb5_context kcontext, char **realms )
+krb5_ldap_free_supported_realms(krb5_context kcontext, char **realms)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
 krb5_error_code
-krb5_ldap_errcode_2_string( krb5_context kcontext, long err_code )
+krb5_ldap_errcode_2_string(krb5_context kcontext, long err_code)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
index 15dcd8dc78c8c3224ed383524c9b9f245c853bae..b646fe8e11e1bb43d183a46e05dc2c0e321038e6 100644 (file)
 struct timeval timelimit = {300, 0};  /* 5 minutes */
 char     *principal_attributes[] = { "krbprincipalname",
                                     "objectclass",
-                                    "krbsecretkey", 
-                                    "krbmaxrenewableage", 
-                                    "krbmaxticketlife", 
+                                    "krbsecretkey",
+                                    "krbmaxrenewableage",
+                                    "krbmaxticketlife",
                                     "krbticketflags",
-                                    "krbprincipalexpiration", 
+                                    "krbprincipalexpiration",
                                     "krbpolicyreference",
                                     "krbUpEnabled",
                                     "krbpwdpolicyreference",
@@ -50,16 +50,16 @@ char     *principal_attributes[] = { "krbprincipalname",
                                     "loginexpirationtime",
                                     "logindisabled",
 #endif
-                                    "loginexpirationtime",     
+                                    "loginexpirationtime",
                                     "logindisabled",
                                     "modifiersname",
                                     "modifytimestamp",
                                     NULL };
 
-static char *attributes_set[] = { "krbmaxrenewableage", 
-                                 "krbmaxticketlife", 
+static char *attributes_set[] = { "krbmaxrenewableage",
+                                 "krbmaxticketlife",
                                  "krbticketflags",
-                                 "krbprincipalexpiration", 
+                                 "krbprincipalexpiration",
                                  "krbpolicyreference",
                                  "krbUpEnabled",
                                  "krbpwdpolicyreference",
@@ -69,7 +69,7 @@ static char *attributes_set[] = { "krbmaxrenewableage",
 
 void
 krb5_dbe_free_contents(context, entry)
-    krb5_context        context; 
+    krb5_context        context;
     krb5_db_entry      *entry;
 {
     krb5_tl_data       *tl_data_next=NULL;
@@ -91,8 +91,8 @@ krb5_dbe_free_contents(context, entry)
            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
                if (entry->key_data[i].key_data_length[j]) {
                    if (entry->key_data[i].key_data_contents[j]) {
-                       memset(entry->key_data[i].key_data_contents[j], 
-                              0, 
+                       memset(entry->key_data[i].key_data_contents[j],
+                              0,
                               (unsigned) entry->key_data[i].key_data_length[j]);
                        free (entry->key_data[i].key_data_contents[j]);
                    }
@@ -119,7 +119,7 @@ krb5_ldap_free_principal(kcontext , entries, nentries)
     for (i = 0; i < nentries; i++)
        krb5_dbe_free_contents(kcontext, &entries[i]);
     return 0;
-} 
+}
 
 
 krb5_error_code
@@ -146,12 +146,12 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 
     memset(&entry, 0, sizeof(krb5_db_entry));
     SETUP_CONTEXT();
-  
+
     realm = ldap_context->lrparams->realm_name;
     if (realm == NULL) {
        realm = context->default_realm;
        if (realm == NULL) {
-            st = EINVAL;
+           st = EINVAL;
            krb5_set_error_message(context, st, "Default realm not set");
            goto cleanup;
        }
@@ -169,11 +169,11 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
     GET_HANDLE();
 
     for (tree=0; tree<ntree; ++tree) {
-      
+
        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, krbprincipal_attr);
-       for(ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+       for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
            if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-               for(i=0; values[i] != NULL; ++i) {
+               for (i=0; values[i] != NULL; ++i) {
                    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
                        continue;
                    if (krb5_parse_name(context, princ_name, &principal) != 0)
@@ -183,23 +183,23 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
                        (*func)(func_arg, &entry);
                    }
                    krb5_free_principal(context, principal);
-                   if  (princ_name)
+                   if (princ_name)
                        free(princ_name);
                }
                ldap_value_free(values);
            }
-       } /* end of for(ent= ... */
+       } /* end of for (ent= ... */
        ldap_msgfree(result);
-    } /* end of for(tree= ... */
-  
- cleanup:
+    } /* end of for (tree= ... */
+
+cleanup:
     if (filter)
        free (filter);
-  
-    for ( ;ntree; --ntree)
+
+    for (;ntree; --ntree)
        if (subtree[ntree-1])
            free (subtree[ntree-1]);
-    
+
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
@@ -218,7 +218,7 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
     LDAPMod                   **mods=NULL;
     LDAP                      *ld=NULL;
     int                      j=0, ptype=KDB_USER_PRINCIPAL, pcount=0, attrsetmask=0;
-    krb5_error_code           st=0; 
+    krb5_error_code           st=0;
     krb5_boolean              singleentry=FALSE;
     KEY                       *secretkey=NULL;
     kdb5_dal_handle           *dal_handle=NULL;
@@ -241,9 +241,9 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
        ((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
        ((st=krb5_get_userdn(context, &entries, &(DN))) != 0) ||
        ((st=krb5_get_policydn(context, &entries, &policydn)) != 0) ||
-       ((st=krb5_get_secretkeys(context, &entries, &secretkey)) != 0)) 
+       ((st=krb5_get_secretkeys(context, &entries, &secretkey)) != 0))
        goto cleanup;
-    
+
     if (DN == NULL) {
        st = EINVAL;
        krb5_set_error_message(context, st, "DN information missing");
@@ -254,16 +254,16 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
 
     if (ptype == KDB_USER_PRINCIPAL) {
 
-       if(((st=krb5_unparse_name(context, searchfor, &user)) != 0) 
-          || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
-           goto cleanup; 
-       
+       if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
+           || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+           goto cleanup;
+
        memset(strval, 0, sizeof(strval));
        strval[0] = user;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE, 
+       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
                                          strval)) != 0)
            goto cleanup;
-       
+
        singleentry = (pcount == 1) ? TRUE: FALSE;
        if (singleentry == FALSE) {
            if (secretkey != NULL) {
@@ -272,13 +272,13 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
                    goto cleanup;
            }
        } else {
-           /* 
+           /*
             * If the Kerberos user principal to be deleted happens to be the last one associated
-            * with the directory user object, then it is time to delete the other kerberos 
+            * with the directory user object, then it is time to delete the other kerberos
             * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
-            * From the attrsetmask value, identify the attributes set on the directory user 
+            * From the attrsetmask value, identify the attributes set on the directory user
             * object and delete them.
-            * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the 
+            * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
             * other principals' keys are exisiting/left-over. So delete all the values.
             */
            while (attrsetmask) {
@@ -290,10 +290,9 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
                attrsetmask >>= 1;
                ++j;
            }
-           if(policydn != NULL)
-           {
-                   if ((st = krb5_ldap_change_count(context, policydn,2 )))
-                           goto cleanup;
+           if (policydn != NULL) {
+               if ((st = krb5_ldap_change_count(context, policydn,2)))
+                   goto cleanup;
 
            }
 
@@ -305,7 +304,7 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
                if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
                    goto cleanup;
                memset(strval, 0, sizeof(strval));
-               for(p=1, q=0; p<=4; p<<=1, ++q) 
+               for (p=1, q=0; p<=4; p<<=1, ++q)
                    if (p & amask)
                        strval[r++] = attrvalues[q];
                strval[r] = NULL;
@@ -317,23 +316,22 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
            }
        }
        st=ldap_modify_s(ld, DN, mods);
-        if (st != LDAP_SUCCESS) {
+       if (st != LDAP_SUCCESS) {
            st = set_ldap_error(context, st, OP_MOD);
            goto cleanup;
-        }
-    }
-    else if (ptype == KDB_SERVICE_PRINCIPAL) {
+       }
+    } else if (ptype == KDB_SERVICE_PRINCIPAL) {
        st = ldap_delete_s(ld, DN);
        if (st != LDAP_SUCCESS) {
            st = set_ldap_error (context, st, OP_DEL);
            goto cleanup;
-        }
+       }
     }
-    
- cleanup:
+
+cleanup:
     if (user)
        free (user);
-    
+
     if (DN)
        free (DN);
 
@@ -364,45 +362,38 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
  *          in the principal name component.
  *
  * Arguments:
- *       user_name     (input/output)      Principal name 
- * 
+ *       user_name     (input/output)      Principal name
+ *
  */
 
 krb5_error_code
 krb5_ldap_unparse_principal_name(char *user_name)
 {
     char *tmp_princ_name=NULL, *princ_name=NULL, *tmp=NULL;
-    int l=0; 
+    int l=0;
     krb5_error_code st=0;
 
-    if(strstr(user_name, "\\@"))
-    {
+    if (strstr(user_name, "\\@")) {
 
        tmp_princ_name = strdup(user_name);
-       if( !tmp_princ_name )
-       {
+       if (!tmp_princ_name) {
            st = ENOMEM;
            goto cleanup;
        }
        tmp = tmp_princ_name;
 
        princ_name = (char *) malloc (strlen(user_name));
-       if( !princ_name )
-       {
+       if (!princ_name) {
            st = ENOMEM;
            goto cleanup;
        }
        memset(princ_name, 0, strlen(user_name));
 
        l = 0;
-       while(*tmp_princ_name)
-       {
-           if((*tmp_princ_name == '\\') && (*(tmp_princ_name+1) == '@'))
-           {
+       while (*tmp_princ_name) {
+           if ((*tmp_princ_name == '\\') && (*(tmp_princ_name+1) == '@')) {
                tmp_princ_name += 1;
-           }
-           else
-           {
+           } else {
                *(princ_name + l) = *tmp_princ_name++;
                l++;
            }
@@ -412,7 +403,7 @@ krb5_ldap_unparse_principal_name(char *user_name)
        sprintf(user_name, "%s", princ_name);
     }
 
- cleanup:
+cleanup:
     if (tmp) {
        free(tmp);
        tmp = NULL;
@@ -430,13 +421,13 @@ krb5_ldap_unparse_principal_name(char *user_name)
 /*
  * Function: krb5_ldap_parse_principal_name
  *
- * Purpose: Inserts '\\' before every occurence of '@' 
+ * Purpose: Inserts '\\' before every occurence of '@'
  *          in the principal name component.
  *
  * Arguments:
  *       i_princ_name     (input)      Principal name without '\\'
  *       o_princ_name     (output)     Principal name with '\\'
- * 
+ *
  * Note: The caller has to free the memory allocated for o_princ_name.
  */
 
@@ -451,39 +442,32 @@ krb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
 
     at_rlm_name = strrchr(i_princ_name, '@');
 
-    if(!at_rlm_name)
-    {
+    if (!at_rlm_name) {
        *o_princ_name = strdup(i_princ_name);
-       if( !o_princ_name )
-       {
+       if (!o_princ_name) {
            st = ENOMEM;
            goto cleanup;
        }
-    }
-    else
-    {
+    } else {
        tmp_princ_name_len = at_rlm_name - i_princ_name;
 
        tmp_princ_name = (char *) malloc ((unsigned) tmp_princ_name_len + 1);
-       if( !tmp_princ_name )
-       {
+       if (!tmp_princ_name) {
            st = ENOMEM;
            goto cleanup;
        }
        memset(tmp_princ_name, 0, (unsigned) tmp_princ_name_len + 1);
-       memcpy( tmp_princ_name, i_princ_name, (unsigned) tmp_princ_name_len);
+       memcpy(tmp_princ_name, i_princ_name, (unsigned) tmp_princ_name_len);
 
        l = 0;
-       while(tmp_princ_name[l])
-       {
-           if(tmp_princ_name[l++] == '@')
+       while (tmp_princ_name[l]) {
+           if (tmp_princ_name[l++] == '@')
                at_count++;
        }
 
        princ_name_len = strlen(i_princ_name) + at_count + 1;
        princ_name = (char *) malloc ((unsigned) princ_name_len);
-       if( !princ_name )
-       {
+       if (!princ_name) {
            st = ENOMEM;
            goto cleanup;
        }
@@ -491,9 +475,8 @@ krb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
 
        l = 0;
        m = 0;
-       while(tmp_princ_name[l])
-       {
-           if(tmp_princ_name[l] == '@'){
+       while (tmp_princ_name[l]) {
+           if (tmp_princ_name[l] == '@') {
                princ_name[m++]='\\';
            }
            princ_name[m++]=tmp_princ_name[l++];
@@ -503,7 +486,7 @@ krb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
        *o_princ_name = princ_name;
     }
 
- cleanup:
+cleanup:
 
     if (tmp_princ_name) {
        free(tmp_princ_name);
index 52c113cd5f37a37d57ac9792137ed4817d0beab7..d54453cc19ce509ec072351abd284d277f54cb22 100644 (file)
@@ -39,7 +39,7 @@
 
 extern char* principal_attributes[];
 extern char* max_pwd_life_attr[];
-#if !defined( LDAP_OPT_RESULT_CODE) && defined(LDAP_OPT_ERROR_NUMBER)
+#if !defined(LDAP_OPT_RESULT_CODE) && defined(LDAP_OPT_ERROR_NUMBER)
 #define LDAP_OPT_RESULT_CODE LDAP_OPT_ERROR_NUMBER
 #endif
 
@@ -50,7 +50,7 @@ static krb5_error_code
 krb5_read_tkt_policyreference(krb5_context, krb5_ldap_context *, krb5_db_entry *, char *);
 
 static char *
-getstringtime(krb5_timestamp );
+getstringtime(krb5_timestamp);
 
 /*
  * look up a principal in the directory.
@@ -84,10 +84,10 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
 
     /* set initial values */
     *nentries = 0;
-    *more = 0; 
+    *more = 0;
     memset(entries, 0, sizeof(*entries));
-    
-    if (searchfor == NULL) 
+
+    if (searchfor == NULL)
        return EINVAL;
 
     dal_handle = (kdb5_dal_handle *) context->db_context;
@@ -99,14 +99,14 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
        *more = 0;
        krb5_set_error_message (context, st, "Principal does not belong to realm");
        goto cleanup;
-    }    
-    
+    }
+
     if ((st=krb5_unparse_name(context, searchfor, &user)) != 0)
-       goto cleanup; 
+       goto cleanup;
 
     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
-       goto cleanup; 
-   
+       goto cleanup;
+
     princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
     if ((filter=malloc(princlen)) == NULL) {
        st = ENOMEM;
@@ -122,12 +122,12 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
 
        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
        for (ent=ldap_first_entry(ld, result); ent != NULL && *nentries == 0; ent=ldap_next_entry(ld, ent)) {
-           
+
            /* get the associated directory user information */
            if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
                int i=0, pcount=0, ptype=KDB_USER_PRINCIPAL;
-               
-               /* a wild-card in a principal name can return a list of kerberos principals. 
+
+               /* a wild-card in a principal name can return a list of kerberos principals.
                 * Make sure that the correct principal is returned.
                 * NOTE: a principalname k* in ldap server will return all the principals starting with a k
                 */
@@ -139,32 +139,32 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
                    }
                }
                ldap_value_free(values);
-               
+
                if (*nentries == 0) /* no matching principal found */
                    continue;
 
                if ((DN = ldap_get_dn(ld, ent)) == NULL) {
-                    ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
+                   ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
                    st = set_ldap_error (context, st, 0);
                    goto cleanup;
                }
-               
-               if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {     
-                   for(i=0; values[i] != NULL; ++i)
+
+               if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
+                   for (i=0; values[i] != NULL; ++i)
                        if (strcasecmp(values[i], "krbprincipal") == 0) {
                            ptype = KDB_SERVICE_PRINCIPAL;
                            break;
                        }
                    ldap_value_free(values);
                }
-                 
+
                /* add principalcount, DN and principaltype user information to tl_data */
                if (((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount)) != 0) ||
                    ((st=store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, DN)) != 0) ||
                    ((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE, &ptype)) != 0))
                    goto cleanup;
            }
-   
+
            /* populate entries->princ with searchfor value */
            if ((st=krb5_copy_principal(context, searchfor, &(entries->princ))) != 0)
                goto cleanup;
@@ -174,7 +174,7 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
            /* KRBMAXTICKETLIFE */
            if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entries->max_life)) == 0)
                mask |= KDB_MAX_LIFE_ATTR;
-           
+
            /* KRBMAXRENEWABLEAGE */
            if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(entries->max_renewable_life)) == 0)
                mask |= KDB_MAX_RLIFE_ATTR;
@@ -184,14 +184,14 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
                mask |= KDB_TKT_FLAGS_ATTR;
 
            /* PRINCIPAL EXPIRATION TIME */
-           if ((st=krb5_ldap_get_time(ld, ent, "krbprincipalexpiration", &(entries->expiration), 
+           if ((st=krb5_ldap_get_time(ld, ent, "krbprincipalexpiration", &(entries->expiration),
                                       &attr_present)) != 0)
                goto cleanup;
            if (attr_present == TRUE)
                mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
-           
+
            /* PASSWORD EXPIRATION TIME */
-           if ((st=krb5_ldap_get_time(ld, ent, "krbpasswordexpiration", &(entries->pw_expiration), 
+           if ((st=krb5_ldap_get_time(ld, ent, "krbpasswordexpiration", &(entries->pw_expiration),
                                       &attr_present)) != 0)
                goto cleanup;
            if (attr_present == TRUE)
@@ -200,12 +200,12 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
            /* KRBPOLICYREFERENCE */
 
            if ((st=krb5_ldap_get_string(ld, ent, "krbpolicyreference", &policydn, &attr_present)) != 0)
-                   goto cleanup;
+               goto cleanup;
 
-           if(attr_present == TRUE){
-                   if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_TKTPOLICYDN, policydn)) != 0)
-                           goto cleanup;
-                   mask |= KDB_POL_REF_ATTR;
+           if (attr_present == TRUE) {
+               if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_TKTPOLICYDN, policydn)) != 0)
+                   goto cleanup;
+               mask |= KDB_POL_REF_ATTR;
            }
 
            /* KRBPWDPOLICYREFERENCE */
@@ -215,19 +215,19 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
                krb5_tl_data  kadm_tl_data;
 
                mask |= KDB_PWD_POL_REF_ATTR;
-               if((st = krb5_update_tl_kadm_data(pwdpolicydn, &kadm_tl_data)) != 0){
+               if ((st = krb5_update_tl_kadm_data(pwdpolicydn, &kadm_tl_data)) != 0) {
                    goto cleanup;
                }
                krb5_dbe_update_tl_data(context, entries, &kadm_tl_data);
            }
 
            /* KRBSECRETKEY */
-           if((bvalues=ldap_get_values_len(ld, ent, "krbsecretkey")) != NULL) {
+           if ((bvalues=ldap_get_values_len(ld, ent, "krbsecretkey")) != NULL) {
                mask |= KDB_SECRET_KEY;
                if ((st=krb5_decode_krbsecretkey(context, entries, bvalues, &userinfo_tl_data)) != 0)
                    goto cleanup;
            }
-           
+
            /* MODIFY TIMESTAMP */
            if ((st=krb5_ldap_get_time(ld, ent, "modifytimestamp", &modtime, &attr_present)) != 0)
                goto cleanup;
@@ -248,17 +248,17 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
                goto cleanup;
            if ((st=krb5_dbe_update_tl_data(context, entries, &userinfo_tl_data)) != 0)
                goto cleanup;
-           
+
 #ifdef HAVE_EDIRECTORY
            {
                krb5_timestamp              expiretime=0;
                char                        *is_login_disabled=NULL;
 
                /* LOGIN EXPIRATION TIME */
-               if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime, 
+               if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime,
                                           &attr_present)) != 0)
                    goto cleanup;
-               
+
                if (attr_present == TRUE) {
                    if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
                        if (expiretime < entries->expiration)
@@ -267,13 +267,13 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
                        entries->expiration = expiretime;
                    }
                }
-           
-               /* LOGIN DISABLED */        
+
+               /* LOGIN DISABLED */
                if ((st=krb5_ldap_get_string(ld, ent, "logindisabled", &is_login_disabled, &attr_present)) != 0)
                    goto cleanup;
                if (attr_present == TRUE) {
                    if (strcasecmp(is_login_disabled,"TRUE")== 0)
-                       entries->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;       
+                       entries->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
                    free (is_login_disabled);
                }
            }
@@ -281,27 +281,27 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
        }
        ldap_msgfree(result);
        result = NULL;
-    } /* for(tree=0 ... */
-    
+    } /* for (tree=0 ... */
+
     /* once done, put back the ldap handle */
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     ldap_server_handle = NULL;
-    
+
     /* if principal not found */
     if (*nentries == 0)
        goto cleanup;
-    
+
     if ((st=krb5_read_tkt_policyreference(context, ldap_context, entries, policydn)) !=0)
        goto cleanup;
-    
+
     if (pwdpolicydn) {
        osa_policy_ent_t   pwdpol;
        int                cnt=0;
        krb5_timestamp     last_pw_changed;
-       krb5_ui_4          pw_max_life; 
+       krb5_ui_4          pw_max_life;
 
        memset(&pwdpol, 0, sizeof(pwdpol));
-       
+
        if ((st=krb5_ldap_get_password_policy(context, pwdpolicydn, &pwdpol, &cnt)) != 0)
            goto cleanup;
        pw_max_life = pwdpol->pw_max_life;
@@ -311,42 +311,42 @@ krb5_ldap_get_principal(context, searchfor, entries, nentries, more)
            if ((st=krb5_dbe_lookup_last_pwd_change(context, entries, &last_pw_changed)) != 0)
                goto cleanup;
 
-           if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) { 
+           if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
                if ((last_pw_changed + pw_max_life) < entries->pw_expiration)
                    entries->pw_expiration = last_pw_changed + pw_max_life;
            } else
                entries->pw_expiration = last_pw_changed + pw_max_life;
        }
     }
-    
- cleanup:
+
+cleanup:
     ldap_msgfree(result);
-    
+
     if (*nentries == 0 || st != 0)
        krb5_dbe_free_contents(context, entries);
 
-    if (filter) 
+    if (filter)
        free (filter);
 
     if (DN)
        ldap_memfree (DN);
 
     for (; ntrees; --ntrees)
-       if (subtree[ntrees-1]) 
+       if (subtree[ntrees-1])
            free (subtree[ntrees-1]);
 
     if (userinfo_tl_data.tl_data_contents)
        free(userinfo_tl_data.tl_data_contents);
-    
-    if (ldap_server_handle)    
-       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+
+    if (ldap_server_handle)
+       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 
     if (user)
        free(user);
-    
+
     if (modname)
        free(modname);
-    
+
     if (parsed_mod_name)
        krb5_free_principal(context, parsed_mod_name);
 
@@ -367,7 +367,7 @@ typedef struct _xargs_t {
     char           *tktpolicydn;
 }xargs_t;
 
-static void 
+static void
 free_xargs(xargs)
     xargs_t xargs;
 {
@@ -379,7 +379,7 @@ free_xargs(xargs)
        free (xargs.tktpolicydn);
 }
 
-static krb5_error_code 
+static krb5_error_code
 process_db_args(context, db_args, xargs)
     krb5_context   context;
     char           **db_args;
@@ -391,22 +391,21 @@ process_db_args(context, db_args, xargs)
     char *arg=NULL,       *arg_val=NULL;
     unsigned int          arg_val_len=0;
     krb5_boolean          uflag=FALSE, cflag=FALSE;
-    
-    if (db_args)
-    {
+
+    if (db_args) {
        for (i=0; db_args[i]; ++i) {
            arg = strtok_r(db_args[i], "=", &arg_val);
-           if(strcmp(arg, USERDN_ARG) == 0) {
+           if (strcmp(arg, USERDN_ARG) == 0) {
                if (cflag == TRUE) {
                    st = EINVAL;
-                    krb5_set_error_message(context, st, "'containerdn' and 'userdn' can not both "
-                            "be specified");
+                   krb5_set_error_message(context, st, "'containerdn' and 'userdn' can not both "
+                                          "be specified");
                    goto cleanup;
                }
                if (xargs->dn != NULL || xargs->containerdn != NULL) {
                    st = EINVAL;
-                    snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
-                    krb5_set_error_message(context, st, "%s", errbuf);
+                   snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
+                   krb5_set_error_message(context, st, "%s", errbuf);
                    goto cleanup;
                }
                if (strcmp(arg_val, "") == 0 || arg_val == NULL) {
@@ -428,14 +427,14 @@ process_db_args(context, db_args, xargs)
            } else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
                if (uflag == TRUE) {
                    st = EINVAL;
-                    krb5_set_error_message(context, st, "'containerdn' and 'userdn' can not both "
-                            "be specified");
+                   krb5_set_error_message(context, st, "'containerdn' and 'userdn' can not both "
+                                          "be specified");
                    goto cleanup;
                }
                if (xargs->dn != NULL || xargs->containerdn != NULL) {
                    st = EINVAL;
-                    snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
-                    krb5_set_error_message(context, st, "%s", errbuf);
+                   snprintf(errbuf, sizeof(errbuf), "%s option not supported", arg);
+                   krb5_set_error_message(context, st, "%s", errbuf);
                    goto cleanup;
                }
                if (strcmp(arg_val, "") == 0 || arg_val == NULL) {
@@ -468,7 +467,7 @@ process_db_args(context, db_args, xargs)
                    goto cleanup;
                }
                memcpy(xargs->tktpolicydn, arg_val, arg_val_len);
-               
+
            } else {
                st = EINVAL;
                snprintf(errbuf, sizeof(errbuf), "unknown option: %s", arg);
@@ -477,7 +476,7 @@ process_db_args(context, db_args, xargs)
            }
        }
     }
- cleanup:
+cleanup:
     return st;
 }
 
@@ -502,7 +501,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
     KEY                         *oldkeys=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
-    krb5_ldap_server_handle     *ldap_server_handle=NULL;    
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
     osa_princ_ent_rec          princ_ent;
     xargs_t                     xargs={0};
     char                        *oldpolicydn = NULL;
@@ -513,17 +512,17 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
     SETUP_CONTEXT();
     if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL)
        return EINVAL;
-    
+
     /* get ldap handle */
     GET_HANDLE();
-    
+
     for (i=0; i < *nentries; ++i, ++entries) {
        if (is_principal_in_realm(ldap_context, entries->princ) != 0) {
-            st = EINVAL;
-            krb5_set_error_message(context, st, "Principal does not belong to the default realm");
+           st = EINVAL;
+           krb5_set_error_message(context, st, "Principal does not belong to the default realm");
            goto cleanup;
        }
-    
+
        /* get the principal information to act on */
        if (entries->princ) {
            if (((st=krb5_unparse_name(context,entries->princ, &user)) !=0) ||
@@ -534,9 +533,9 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
        xargs.ptype = KDB_SERVICE_PRINCIPAL;
        if (((st=krb5_get_princ_type(context, entries, &(xargs.ptype))) != 0) ||
            ((st=krb5_get_userdn(context, entries, &(xargs.dn))) != 0) ||
-           ((st=krb5_get_secretkeys(context, entries, &oldkeys)) != 0)) 
+           ((st=krb5_get_secretkeys(context, entries, &oldkeys)) != 0))
            goto cleanup;
-    
+
        if ((st=process_db_args(context, db_args, &xargs)) != 0)
            goto cleanup;
 
@@ -546,20 +545,20 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                krb5_set_error_message(context, st, "User DN is missing");
                goto cleanup;
            }
-       
-           /* get the subtree information */ 
-           if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") && 
+
+           /* get the subtree information */
+           if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") &&
                strncmp(entries->princ->data[0].data, "krbtgt", entries->princ->data[0].length) == 0) {
                /* if the principal is a inter-realm principal, always created in the realm container */
                subtree = strdup(ldap_context->lrparams->realmdn);
            } else if (xargs.containerdn) {
                if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
-                    if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
+                   if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
                        int ost = st;
-                        st = EINVAL;
-                        sprintf(errbuf, "'%s' not found: ", xargs.containerdn);
-                        prepend_err_str(context, errbuf, st, ost);
-                    }
+                       st = EINVAL;
+                       sprintf(errbuf, "'%s' not found: ", xargs.containerdn);
+                       prepend_err_str(context, errbuf, st, ost);
+                   }
                    goto cleanup;
                }
                subtree = strdup(xargs.containerdn);
@@ -570,25 +569,25 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
            }
            CHECK_NULL(subtree);
 
-           xargs.dn = malloc(strlen("krbprincipalname=") + strlen(user) + strlen(",") + 
+           xargs.dn = malloc(strlen("krbprincipalname=") + strlen(user) + strlen(",") +
                              strlen(subtree) + 1);
            CHECK_NULL(xargs.dn);
            sprintf(xargs.dn, "krbprincipalname=%s,%s", user, subtree);
 
        }
-    
+
        if (xargs.dn_from_kbd == TRUE) {
            /* make sure the DN falls in the subtree */
            int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
            char             *subtreelist[2]={NULL};
            krb5_boolean     outofsubtree=TRUE;
-           
+
            /* get the current subtree list */
            if ((st = krb5_get_subtree_info(ldap_context, subtreelist, &ntrees)) != 0)
                goto cleanup;
-           
-           for( tre=0; tre<ntrees; ++tre ) {
-               if( subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0 ) {  
+
+           for (tre=0; tre<ntrees; ++tre) {
+               if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
                    outofsubtree = FALSE;
                    break;
                } else {
@@ -600,27 +599,27 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                    }
                }
            }
-               
-           for( tre=0; tre < ntrees; ++tre ) { 
-               free( subtreelist[tre] );
+
+           for (tre=0; tre < ntrees; ++tre) {
+               free(subtreelist[tre]);
            }
-               
-           if( outofsubtree == TRUE ) {
+
+           if (outofsubtree == TRUE) {
                st = EINVAL;
                krb5_set_error_message(context, st, "DN is out of the realm subtree");
                goto cleanup;
            }
        }
-    
+
        /* check if the DN exists */
        {
            char  *attributes[]={"krbpolicyreference", NULL};
-       
+
            LDAP_SEARCH_1(xargs.dn, LDAP_SCOPE_BASE, 0, attributes,IGNORE_STATUS);
            if (st == LDAP_NO_SUCH_OBJECT) {
                dnfound = FALSE;
                st = LDAP_SUCCESS;
-           } else if (st == LDAP_SUCCESS) { 
+           } else if (st == LDAP_SUCCESS) {
                ent = ldap_first_entry(ld, result);
                if (ent != NULL) {
                    if ((values=ldap_get_values(ld, ent, "krbpolicyreference")) != NULL) {
@@ -634,7 +633,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                goto cleanup;
            }
        }
-    
+
        if (dnfound == FALSE) {             /* create a new object */
            if (xargs.ptype == KDB_USER_PRINCIPAL) {
                memset(strval, 0, sizeof(strval));
@@ -647,8 +646,8 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                    goto cleanup;
                values = ldap_explode_dn(xargs.dn, 1);
                if (values == NULL) {
-                    st = EINVAL;
-                    krb5_set_error_message(context, st, "Invalid DN");
+                   st = EINVAL;
+                   krb5_set_error_message(context, st, "Invalid DN");
                    goto cleanup;
                }
                memset(strval, 0, sizeof(strval));
@@ -663,7 +662,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                    goto cleanup;
                }
                ldap_value_free(values);
-           } else { 
+           } else {
                memset(strval, 0, sizeof(strval));
                strval[0] = "krbprincipal";
                strval[1] = "krbprincipalaux";
@@ -675,13 +674,13 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
        } else { /* update the objectclass attribute if any of these is missing */
            char *attrvalues[] = {"krbprincipalaux", "krbpolicyaux", "krbpwdpolicyrefaux", NULL};
            int p, q, r=0, amask=0;
-       
+
            if ((st=checkattributevalue(ld, xargs.dn, "objectclass", attrvalues, &amask)) != 0) {
-                st = KRB5_KDB_UK_RERROR;
+               st = KRB5_KDB_UK_RERROR;
                goto cleanup;
            }
            memset(strval, 0, sizeof(strval));
-           for(p=1, q=0; p<=4; p<<=1, ++q) {
+           for (p=1, q=0; p<=4; p<<=1, ++q) {
                if ((p & amask) == 0)
                    strval[r++] = attrvalues[q];
            }
@@ -690,24 +689,24 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                    goto cleanup;
            }
        }
-    
-       if (entries->mask & KDB_MAX_LIFE) {    
+
+       if (entries->mask & KDB_MAX_LIFE) {
            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
                goto cleanup;
        }
-    
+
        if (entries->mask & KDB_MAX_RLIFE) {
            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
                                              entries->max_renewable_life)) != 0)
                goto cleanup;
        }
-    
+
        if (entries->mask & KDB_ATTRIBUTES) {
            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
                                              entries->attributes)) != 0)
                goto cleanup;
        }
-    
+
        if (entries->mask & KDB_PRINCIPAL) {
            memset(strval, 0, sizeof(strval));
            strval[0] = user;
@@ -725,32 +724,32 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
            }
            free (strval[0]);
        }
-    
+
        if (entries->mask & KDB_PW_EXPIRATION) {
            memset(strval, 0, sizeof(strval));
            if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
                goto cleanup;
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
-                                             LDAP_MOD_REPLACE, 
+                                             LDAP_MOD_REPLACE,
                                              strval)) != 0) {
                free (strval[0]);
                goto cleanup;
            }
            free (strval[0]);
        }
-    
+
        if (entries->mask & KDB_POLICY) {
-           for(tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
+           for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
                if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
                    memset(&princ_ent, 0, sizeof(princ_ent));
                    /* FIX ME: I guess the princ_ent should be freed after this call */
-                   if((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
+                   if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
                        goto cleanup;
                    }
                }
            }
-       
-           if(princ_ent.aux_attributes & KDB_POLICY) { 
+
+           if (princ_ent.aux_attributes & KDB_POLICY) {
                memset(strval, 0, sizeof(strval));
                strval[0] = princ_ent.policy;
                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
@@ -761,20 +760,20 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                goto cleanup;
            }
        }
-    
+
        if (entries->mask & KDB_POLICY_CLR) {
            memset(strval, 0, sizeof(strval));
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, strval)) != 0)
                goto cleanup;
        }
-    
+
        if (entries->mask & KDB_KEY_DATA || entries->mask & KDB_KVNO) {
            int kcount=0, zero=0, salttype=0, totalkeys=0;
            char *currpos=NULL, *krbsecretkey=NULL;
-       
+
            /* delete the old keys */
            if (oldkeys) {
-               if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbsecretkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES, 
+               if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbsecretkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
                                                  oldkeys->keys)) != 0)
                    goto cleanup;
            }
@@ -789,7 +788,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
            for (kcount=0; kcount < entries->n_key_data; ++kcount)
                keys[kcount] = entries->key_data+kcount;
            totalkeys = entries->n_key_data;
-      
+
            kcount = 0;
            while (totalkeys) {
                int                    noofkeys=0, currkvno=0, currkvno_org=0, rlen=0;
@@ -800,11 +799,11 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                memset(krbsecretkey, 0, MAX_KEY_LENGTH);
                currpos = krbsecretkey;
                rlen = MAX_KEY_LENGTH;
-       
+
                STORE16_INT(currpos, plen); /* principal len */
                currpos +=2;
                rlen -=2;
-       
+
                for (l=0; l < entries->n_key_data; ++l)
                    if (keys[l] != NULL) {
                        currkvno = keys[l]->key_data_kvno;
@@ -815,88 +814,88 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                STORE16_INT(currpos, currkvno); /* principal key version */
                currpos +=2;
                rlen -=2;
-       
+
                memset(currpos, 0, 2); /* master key version */
                currpos +=2;
                rlen -=2;
-       
+
                if ((st=krb5_dbe_lookup_last_pwd_change(context, entries, &last_pw_changed)) != 0)
                    goto cleanup;
                STORE32_INT(currpos, last_pw_changed); /* last pwd change */
                currpos += 4;
                rlen -=4;
-           
+
                for (noofkeys=0; l < entries->n_key_data; ++l)
                    if (keys[l] && keys[l]->key_data_kvno == currkvno_org)
                        ++noofkeys;
-       
+
                STORE16_INT(currpos, noofkeys); /* number of keys */
                currpos +=2;
                rlen -=2;
-       
+
                /* key type, key length, salt type and salt type */
                for (l=0; l<entries->n_key_data; ++l) {
-                   if ( keys[l] && keys[l]->key_data_kvno == currkvno_org) {
+                   if (keys[l] && keys[l]->key_data_kvno == currkvno_org) {
                        STORE16_INT(currpos, keys[l]->key_data_type[0]);
                        currpos +=2;
-                       rlen -=2;
+                       rlen -=2;
                        STORE16_INT(currpos, keys[l]->key_data_length[0]);
                        currpos +=2;
-                       rlen -=2;
-           
-                       STORE16_INT(currpos, keys[l]->key_data_type[1]); 
+                       rlen -=2;
+
+                       STORE16_INT(currpos, keys[l]->key_data_type[1]);
                        currpos +=2;
-                       rlen -=2;
+                       rlen -=2;
                        salttype = keys[l]->key_data_type[1];
                        if (salttype==KRB5_KDB_SALTTYPE_NOREALM || salttype==KRB5_KDB_SALTTYPE_ONLYREALM) {
-                           STORE16_INT(currpos, zero);       
+                           STORE16_INT(currpos, zero);
                        } else {
                            STORE16_INT(currpos, keys[l]->key_data_length[1]);
                        }
                        currpos +=2;
-                       rlen -=2;
-                   } 
+                       rlen -=2;
+                   }
+               }
+               if (plen > rlen) {
+                   st = EINVAL;
+                   snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
+                   krb5_set_error_message(context, st, "%s", errbuf);
+                   goto cleanup;
                }
-                if (plen > rlen) {
-                    st = EINVAL;
-                    snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
-                    krb5_set_error_message(context, st, "%s", errbuf);
-                    goto cleanup;
-                }
                memcpy(currpos, user, (unsigned int)plen);   /* principal name */
                currpos +=plen;
                rlen -=plen;
-       
+
                /* key value, salt value */
-               for(l=0; l<entries->n_key_data; ++l) {
+               for (l=0; l<entries->n_key_data; ++l) {
                    if (keys[l] && keys[l]->key_data_kvno == currkvno_org) {
                        if (keys[l]->key_data_length[0]) {
-                            if (keys[l]->key_data_length[0] > rlen) {
-                                st = EINVAL;
-                                snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
-                                krb5_set_error_message(context, st, "%s", errbuf);
-                                goto cleanup;
-                            }
+                           if (keys[l]->key_data_length[0] > rlen) {
+                               st = EINVAL;
+                               snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
+                               krb5_set_error_message(context, st, "%s", errbuf);
+                               goto cleanup;
+                           }
                            memcpy(currpos, keys[l]->key_data_contents[0], keys[l]->key_data_length[0]);
                            currpos += keys[l]->key_data_length[0];
-                            rlen -= keys[l]->key_data_length[0];
-                       }
-           
+                           rlen -= keys[l]->key_data_length[0];
+                       }
+
                        salttype = keys[l]->key_data_type[1];
-                       if (keys[l]->key_data_length[1] && (!(salttype==KRB5_KDB_SALTTYPE_NOREALM 
+                       if (keys[l]->key_data_length[1] && (!(salttype==KRB5_KDB_SALTTYPE_NOREALM
                                                              || salttype==KRB5_KDB_SALTTYPE_ONLYREALM))) {
-                            if (keys[l]->key_data_length[1] > rlen) {
-                                st = EINVAL;
-                                snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
-                                krb5_set_error_message(context, st, "%s", errbuf);
-                                goto cleanup;
-                            }
+                           if (keys[l]->key_data_length[1] > rlen) {
+                               st = EINVAL;
+                               snprintf(errbuf, sizeof(errbuf), "Insufficient buffer while storing the key of principal %s", user);
+                               krb5_set_error_message(context, st, "%s", errbuf);
+                               goto cleanup;
+                           }
                            memcpy(currpos, keys[l]->key_data_contents[1], keys[l]->key_data_length[1]);
                            currpos += keys[l]->key_data_length[1];
-                            rlen -= keys[l]->key_data_length[1];
+                           rlen -= keys[l]->key_data_length[1];
                        }
                        keys[l] = NULL;
-                   } 
+                   }
                }
                bersecretkey[kcount] = malloc (sizeof (struct berval));
                CHECK_NULL(bersecretkey[kcount]);
@@ -904,125 +903,123 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                bersecretkey[kcount++]->bv_val = krbsecretkey;
                totalkeys = totalkeys - noofkeys;
            }
-           if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbsecretkey", 
+           if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbsecretkey",
                                              LDAP_MOD_ADD | LDAP_MOD_BVALUES, bersecretkey)) != 0)
                goto cleanup;
 
-                if (!(entries->mask & KDB_PRINCIPAL)){
-                       memset(strval, 0, sizeof(strval));
-                       if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
-                               goto cleanup;
-                       if ((st=krb5_add_str_mem_ldap_mod(&mods,
-                                                  "krbpasswordexpiration",
-                                                  LDAP_MOD_REPLACE, strval)) != 0) {
-                    free (strval[0]);
-                    goto cleanup;
-                }
+           if (!(entries->mask & KDB_PRINCIPAL)) {
+               memset(strval, 0, sizeof(strval));
+               if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
+                   goto cleanup;
+               if ((st=krb5_add_str_mem_ldap_mod(&mods,
+                                                 "krbpasswordexpiration",
+                                                 LDAP_MOD_REPLACE, strval)) != 0) {
+                   free (strval[0]);
+                   goto cleanup;
+               }
                free (strval[0]);
            }
        } /* Modify Key data ends here */
 
        /* Directory specific attribute */
        if (xargs.tktpolicydn != NULL) {
-               int tmask=0, tkttree = 0, subtreednlen = 0, ntre = 0, tktdnlen = 0;
+           int tmask=0, tkttree = 0, subtreednlen = 0, ntre = 0, tktdnlen = 0;
 
-               char *subtreednlist[2]={NULL};
-               krb5_boolean dnoutofsubtree=TRUE;
+           char *subtreednlist[2]={NULL};
+           krb5_boolean dnoutofsubtree=TRUE;
 
-               if ((st=krb5_get_policydn(context, entries, &oldpolicydn)) != 0)
-                       goto cleanup;
-               
-               if (strlen(xargs.tktpolicydn) != 0) {
-                       st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
-                       CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
-
-                       memset(strval, 0, sizeof(strval));
-                       strval[0] = xargs.tktpolicydn;
-                       if ((st = krb5_get_subtree_info(ldap_context, subtreednlist, &ntre)) != 0)
-                               goto cleanup;
+           if ((st=krb5_get_policydn(context, entries, &oldpolicydn)) != 0)
+               goto cleanup;
 
-                       for( tkttree=0; tkttree<ntre; ++tkttree ) {
-                               if( subtreednlist[tkttree] == NULL || strlen(subtreednlist[tkttree]) == 0 ) {
-                                       dnoutofsubtree = FALSE;
-                                       break;
-                               } else {
-                                       tktdnlen = strlen (xargs.tktpolicydn);
-                                       subtreednlen = strlen(subtreednlist[tkttree]);
-                                       
-                                       if ((tktdnlen > subtreednlen) && (strcasecmp((xargs.tktpolicydn + tktdnlen - subtreednlen), subtreednlist[tkttree]) == 0)) {
-                                               dnoutofsubtree = FALSE;
-                                               break;
-                                       }
-                               }
-                       }
-                       for( tkttree=0; tkttree < ntre; ++tkttree ) {
-                               free( subtreednlist[tkttree] );
-                       }
-                       if( dnoutofsubtree == TRUE ) {
-                               st = EINVAL;
-                               prepend_err_str(context,"Ticket Policy DN is out of the realm subtree",st,st);
-                               goto cleanup;
-                       }
+           if (strlen(xargs.tktpolicydn) != 0) {
+               st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
+               CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
 
-                       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
-                               goto cleanup;
-                       if(oldpolicydn != NULL){        
-                               if(strncmp(xargs.tktpolicydn,oldpolicydn,strlen(xargs.tktpolicydn)) != 0)
-                               {
-                                       if ((st = krb5_ldap_change_count(context, oldpolicydn,2 )))
-                                               goto cleanup;
-                               }
+               memset(strval, 0, sizeof(strval));
+               strval[0] = xargs.tktpolicydn;
+               if ((st = krb5_get_subtree_info(ldap_context, subtreednlist, &ntre)) != 0)
+                   goto cleanup;
+
+               for (tkttree=0; tkttree<ntre; ++tkttree) {
+                   if (subtreednlist[tkttree] == NULL || strlen(subtreednlist[tkttree]) == 0) {
+                       dnoutofsubtree = FALSE;
+                       break;
+                   } else {
+                       tktdnlen = strlen (xargs.tktpolicydn);
+                       subtreednlen = strlen(subtreednlist[tkttree]);
+
+                       if ((tktdnlen > subtreednlen) && (strcasecmp((xargs.tktpolicydn + tktdnlen - subtreednlen), subtreednlist[tkttree]) == 0)) {
+                           dnoutofsubtree = FALSE;
+                           break;
                        }
+                   }
+               }
+               for (tkttree=0; tkttree < ntre; ++tkttree) {
+                   free(subtreednlist[tkttree]);
+               }
+               if (dnoutofsubtree == TRUE) {
+                   st = EINVAL;
+                   prepend_err_str(context,"Ticket Policy DN is out of the realm subtree",st,st);
+                   goto cleanup;
+               }
 
-                       if ((st = krb5_ldap_change_count(context, xargs.tktpolicydn,1 )))
-                               goto cleanup;
+               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                   goto cleanup;
+               if (oldpolicydn != NULL) {
+                   if (strncmp(xargs.tktpolicydn,oldpolicydn,strlen(xargs.tktpolicydn)) != 0) {
+                       if ((st = krb5_ldap_change_count(context, oldpolicydn,2)))
+                           goto cleanup;
+                   }
+               }
+
+               if ((st = krb5_ldap_change_count(context, xargs.tktpolicydn,1)))
+                   goto cleanup;
+           } else {
+               /* if xargs.tktpolicydn is a empty string, then delete already existing krbpolicyreference attr */
+               if (tktpolicy_set == FALSE) {      /* if the attribute is not present then abort */
+                   st = EINVAL;
+                   prepend_err_str(context,"'ticketpolicydn' empty",st,st);
+                   goto cleanup;
                } else {
-                       /* if xargs.tktpolicydn is a empty string, then delete already existing krbpolicyreference attr */
-                       if (tktpolicy_set == FALSE) {      /* if the attribute is not present then abort */
-                               st = EINVAL;
-                               prepend_err_str(context,"'ticketpolicydn' empty",st,st);
-                               goto cleanup;
-                       } else {
-                               memset(strval, 0, sizeof(strval));
-                               if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_DELETE, strval)) != 0)
-                                       goto cleanup;
-                       }
+                   memset(strval, 0, sizeof(strval));
+                   if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_DELETE, strval)) != 0)
+                       goto cleanup;
                }
-              
+           }
+
        }
        if (dnfound == TRUE) {
-            if (mods == NULL) {
-                goto cleanup;
-            }
+           if (mods == NULL) {
+               goto cleanup;
+           }
            st=ldap_modify_s(ld, xargs.dn, mods);
-            if (st != LDAP_SUCCESS) {
-                sprintf(errbuf, "User modification failed: %s", ldap_err2string(st));
-                st = translate_ldap_error (st, OP_MOD);
-                krb5_set_error_message(context, st, "%s", errbuf);
-                goto cleanup;
-            }
-        }
-       else {
-           st=ldap_add_s(ld, xargs.dn, mods);  
            if (st != LDAP_SUCCESS) {
-                   sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st));
-                   st = translate_ldap_error (st, OP_ADD);
-                   krb5_set_error_message(context, st, "%s", errbuf);
-                   goto cleanup;
+               sprintf(errbuf, "User modification failed: %s", ldap_err2string(st));
+               st = translate_ldap_error (st, OP_MOD);
+               krb5_set_error_message(context, st, "%s", errbuf);
+               goto cleanup;
+           }
+       } else {
+           st=ldap_add_s(ld, xargs.dn, mods);
+           if (st != LDAP_SUCCESS) {
+               sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st));
+               st = translate_ldap_error (st, OP_ADD);
+               krb5_set_error_message(context, st, "%s", errbuf);
+               goto cleanup;
            }
        }
 
     }
-    
- cleanup:
-    if (user) 
+
+cleanup:
+    if (user)
        free(user);
-    
+
     free_xargs(xargs);
 
     if (subtree)
        free (subtree);
-    
+
     if (bersecretkey) {
        for (l=0; bersecretkey[l]; ++l) {
            if (bersecretkey[l]->bv_val)
@@ -1031,10 +1028,10 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
        }
        free (bersecretkey);
     }
-    
+
     if (keys)
        free (keys);
-    
+
     if (oldkeys) {
        for (l=0; l < oldkeys->nkey; ++l) {
            if (oldkeys->keys[l]->bv_val)
@@ -1060,7 +1057,7 @@ krb5_read_tkt_policyreference(context, ldap_context, entries, policydn)
     krb5_error_code             st=0;
     unsigned int                mask=0, omask=0;
     int                         tkt_mask=(KDB_MAX_LIFE_ATTR | KDB_MAX_RLIFE_ATTR | KDB_TKT_FLAGS_ATTR);
-    krb5_ldap_policy_params     *tktpoldnparam=NULL;    
+    krb5_ldap_policy_params     *tktpoldnparam=NULL;
 
     if ((st=krb5_get_attributes_mask(context, entries, &mask)) != 0)
        goto cleanup;
@@ -1069,47 +1066,47 @@ krb5_read_tkt_policyreference(context, ldap_context, entries, policydn)
        if (policydn != NULL) {
            st = krb5_ldap_read_policy(context, policydn, &tktpoldnparam, &omask);
            if (st && st != KRB5_KDB_NOENTRY) {
-                prepend_err_str(context, "Error reading ticket policy. ", st, st);
+               prepend_err_str(context, "Error reading ticket policy. ", st, st);
                goto cleanup;
-            }
-           
+           }
+
            st = 0; /* reset the return status */
        }
-       
+
        if ((mask & KDB_MAX_LIFE_ATTR) == 0) {
            if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
                entries->max_life = tktpoldnparam->maxtktlife;
            else if (ldap_context->lrparams->max_life)
                entries->max_life = ldap_context->lrparams->max_life;
-           else if(ldap_context->krbcontainer->max_life)
+           else if (ldap_context->krbcontainer->max_life)
                entries->max_life = ldap_context->krbcontainer->max_life;
            else
-               entries->max_life = KRB5_KDB_MAX_LIFE; 
+               entries->max_life = KRB5_KDB_MAX_LIFE;
        }
-       
+
        if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
            if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
                entries->max_renewable_life = tktpoldnparam->maxrenewlife;
            else if (ldap_context->lrparams->max_renewable_life)
                entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
-           else if(ldap_context->krbcontainer->max_renewable_life)
+           else if (ldap_context->krbcontainer->max_renewable_life)
                entries->max_renewable_life = ldap_context->krbcontainer->max_renewable_life;
            else
                entries->max_renewable_life = KRB5_KDB_MAX_RLIFE;
        }
-       
+
        if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
            if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
                entries->attributes = tktpoldnparam->tktflags;
            else if (ldap_context->lrparams->tktflags)
                entries->attributes |= ldap_context->lrparams->tktflags;
-           else if(ldap_context->krbcontainer->tktflags)
+           else if (ldap_context->krbcontainer->tktflags)
                entries->attributes |= ldap_context->krbcontainer->tktflags;
        }
        krb5_ldap_free_policy(context, tktpoldnparam);
     }
-    
- cleanup:
+
+cleanup:
     return st;
 }
 
@@ -1126,62 +1123,62 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
     krb5_key_data               *key_data=NULL;
     krb5_error_code             st=0;
     krb5_timestamp              last_pw_changed=0;
-    
+
     if ((st=krb5_unparse_name(context, entries->princ, &user)) != 0)
-        goto cleanup;
-    
-    for(i=0; bvalues[i] != NULL; ++i) {
+       goto cleanup;
+
+    for (i=0; bvalues[i] != NULL; ++i) {
+
+       ptr = (char *) bvalues[i]->bv_val;
 
-       ptr = (char *) bvalues[i]->bv_val;            
-                   
        /* check the consistency of the key */
-                       
-       if(bvalues[i]->bv_len < KEYHEADER)  /* key smaller than the header size */
-           continue;         
-       
+
+       if (bvalues[i]->bv_len < KEYHEADER)  /* key smaller than the header size */
+           continue;
+
        plen = PRINCIPALLEN(ptr);
        if (NOOFKEYS(ptr) == 0)
            continue;
-       
+
        keylen = KEYHEADER + (8 * NOOFKEYS(ptr));
-       if (bvalues[i]->bv_len < keylen) /* key or salt header info corrupted*/ 
+       if (bvalues[i]->bv_len < keylen) /* key or salt header info corrupted*/
            continue;
-       
+
        keylen += plen;
-       if (bvalues[i]->bv_len < keylen) /* principal info corrupted */ 
+       if (bvalues[i]->bv_len < keylen) /* principal info corrupted */
            continue;
-                   
-       for(k=0; k<NOOFKEYS(ptr); ++k)
+
+       for (k=0; k<NOOFKEYS(ptr); ++k)
            keylen += KEYLENGTH(ptr, k) + SALTLENGTH(ptr, k);
-                   
+
        if (bvalues[i]->bv_len < keylen) /* key or salt values corrupted */
            continue;
 
        pname = PRINCIPALNAME(ptr);   /* set pname to principalName field */
-       
+
        /* key doesn't belong to the principal */
        if (strncmp(user, pname, (unsigned) plen) != 0)
            continue;
 
        /* Number of Principal Keys */
        noofkeys += NOOFKEYS(ptr);
-                   
+
        if ((st=store_tl_data(userinfo_tl_data, KDB_TL_KEYINFO, bvalues[i])) != 0)
            goto cleanup;
-                   
+
        pkeyver = PKEYVER(ptr);             /* Principal Key Version */
        mkeyver = MKEYVER(ptr);             /* Master Key Version */
 
        if (ist_pkeyver == 0 || pkeyver >= ist_pkeyver) {
            ist_pkeyver = pkeyver;
-           /* last password changed */      
+           /* last password changed */
            last_pw_changed = 0;
            last_pw_changed += (ptr[6] & 0xFF) << 24;
            last_pw_changed += (ptr[7] & 0xFF) << 16;
            last_pw_changed += (ptr[8] & 0xFF) << 8;
            last_pw_changed += (ptr[9] & 0xFF) << 0;
-           
-           if ((st=krb5_dbe_update_last_pwd_change(context, entries, 
+
+           if ((st=krb5_dbe_update_last_pwd_change(context, entries,
                                                    last_pw_changed)) != 0)
                goto cleanup;
        }
@@ -1195,23 +1192,23 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
 
        currentkey = KEYBODY(ptr);
        for (k=0; j<noofkeys; ++k, ++j) {
-                       
-           key_data[j].key_data_ver = 1; 
+
+           key_data[j].key_data_ver = 1;
            key_data[j].key_data_kvno = pkeyver;
-                       
+
            key_data[j].key_data_type[0] = KEYTYPE(ptr,k); /* get  key type */
            key_data[j].key_data_length[0] = KEYLENGTH(ptr,k); /* get key length */
            key_data[j].key_data_type[1] = SALTTYPE(ptr,k); /* get salt type */
            key_data[j].key_data_length[1] = SALTLENGTH(ptr,k); /* get salt length */
-                       
+
            key_data[j].key_data_contents[0] = malloc(key_data[j].key_data_length[0]);
            if (key_data[j].key_data_contents[0] == NULL) {
                st = ENOMEM;
                goto cleanup;
            }
-           memcpy(key_data[j].key_data_contents[0], currentkey, 
+           memcpy(key_data[j].key_data_contents[0], currentkey,
                   key_data[j].key_data_length[0]);
-                       
+
            currentsalt = currentkey + key_data[j].key_data_length[0];
            if (key_data[j].key_data_length[1] != 0) {
 
@@ -1221,16 +1218,16 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
                    st = ENOMEM;
                    goto cleanup;
                }
-               memcpy(key_data[j].key_data_contents[1], currentsalt, 
+               memcpy(key_data[j].key_data_contents[1], currentsalt,
                       key_data[j].key_data_length[1]);
 
            } else if (key_data[j].key_data_type[1] == KRB5_KDB_SALTTYPE_NOREALM ||
                       key_data[j].key_data_type[1] == KRB5_KDB_SALTTYPE_ONLYREALM) {
                char *def_realm = NULL;
                krb5_data norealmval;
-                           
-               key_data[j].key_data_ver = 2;               
-               switch(key_data[j].key_data_type[1]) {
+
+               key_data[j].key_data_ver = 2;
+               switch (key_data[j].key_data_type[1]) {
                case KRB5_KDB_SALTTYPE_ONLYREALM:
                    def_realm = entries->princ->realm.data;
                    key_data[j].key_data_length[1] = strlen (def_realm);
@@ -1239,13 +1236,13 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
                        st = ENOMEM;
                        goto cleanup;
                    }
-                   memcpy(key_data[j].key_data_contents[1], 
+                   memcpy(key_data[j].key_data_contents[1],
                           def_realm, key_data[j].key_data_length[1]);
                    break;
-                     
+
                case KRB5_KDB_SALTTYPE_NOREALM:
                    memset(&norealmval, 0, sizeof(krb5_data));
-                   if ((st = krb5_principal2salt_norealm(context, entries->princ, 
+                   if ((st = krb5_principal2salt_norealm(context, entries->princ,
                                                          &norealmval)) != 0) {
                        goto cleanup;
                    }
@@ -1256,7 +1253,7 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
                }
            } else if (key_data[j].key_data_type[1] == KRB5_KDB_SALTTYPE_V4) {
                key_data[j].key_data_contents[1] = NULL;
-               key_data[j].key_data_ver = 2;               
+               key_data[j].key_data_ver = 2;
            } else {
                key_data[j].key_data_contents[1] = NULL;
            }
@@ -1266,8 +1263,8 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data)
        entries->key_data = key_data;
     }
 
- cleanup:
-    ldap_value_free_len(bvalues);          
+cleanup:
+    ldap_value_free_len(bvalues);
     free (user);
     return st;
 }
@@ -1279,14 +1276,14 @@ getstringtime(epochtime)
     struct tm           tme;
     char                *strtime=NULL;
     time_t             posixtime = epochtime;
-    
+
     strtime = calloc (50, 1);
     if (strtime == NULL)
        return NULL;
-    
+
     if (gmtime_r(&posixtime, &tme) == NULL)
        return NULL;
-    
+
     strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme);
     return strtime;
 }
index 2cbb444e7ce016bc3500017931c8b12930cfa02a..074f2475239ffebf06c357b6f79b8b21c0278683 100644 (file)
 #include "ldap_err.h"
 
 static char *password_policy_attributes[] = { "krbmaxpwdlife", "krbminpwdlife", "krbpwdmindiffchars",
-                                             "krbpwdminlength", "krbpwdhistorylength", "krbpwdpolicyrefcount", 
+                                             "krbpwdminlength", "krbpwdhistorylength", "krbpwdpolicyrefcount",
                                              NULL };
 
 /*
- * Function to create password policy object. 
+ * Function to create password policy object.
  */
 
 krb5_error_code
@@ -58,7 +58,7 @@ krb5_ldap_create_password_policy (context, policy)
     krb5_clear_error_message(context);
 
     /* validate the input parameters */
-    if (policy == NULL || policy->name == NULL) 
+    if (policy == NULL || policy->name == NULL)
        return EINVAL;
 
     SETUP_CONTEXT();
@@ -67,21 +67,21 @@ krb5_ldap_create_password_policy (context, policy)
     /* get the first component of the dn to set the cn attribute */
     rdns = ldap_explode_dn(policy->name, 1);
     if (rdns == NULL) {
-        st = EINVAL;
-        krb5_set_error_message(context, st, "Invalid password policy DN syntax");
+       st = EINVAL;
+       krb5_set_error_message(context, st, "Invalid password policy DN syntax");
        goto cleanup;
     }
-    
+
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-      goto cleanup;
-    
+       goto cleanup;
+
     strval[0] = "krbPwdPolicy";
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-      goto cleanup;
-    
-    if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_ADD, 
-                                      (signed) policy->pw_max_life)) != 0) 
+       goto cleanup;
+
+    if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_ADD,
+                                      (signed) policy->pw_max_life)) != 0)
        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
                                          (signed) policy->pw_min_life)) != 0)
        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
@@ -96,11 +96,11 @@ krb5_ldap_create_password_policy (context, policy)
 
     /* password policy object creation */
     if ((st=ldap_add_s(ld, policy->name, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_ADD);
+       st = set_ldap_error (context, st, OP_ADD);
        goto cleanup;
     }
-    
- cleanup:
+
+cleanup:
     if (rdns)
        ldap_value_free(rdns);
 
@@ -129,7 +129,7 @@ krb5_ldap_put_password_policy (context, policy)
     krb5_clear_error_message(context);
 
     /* validate the input parameters */
-    if (policy == NULL || policy->name == NULL) 
+    if (policy == NULL || policy->name == NULL)
        return EINVAL;
 
     SETUP_CONTEXT();
@@ -148,20 +148,20 @@ krb5_ldap_put_password_policy (context, policy)
        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdpolicyrefcount", LDAP_MOD_REPLACE,
                                          (signed) policy->policy_refcnt)) != 0))
        goto cleanup;
-    
+
     /* modify the password policy object. */
     if ((st=ldap_modify_s(ld, policy->name, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_MOD);
+       st = set_ldap_error (context, st, OP_MOD);
        goto cleanup;
     }
-    
- cleanup:
+
+cleanup:
     ldap_mods_free(mods, 1);
-    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);    
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return(st);
 }
 
-krb5_error_code 
+krb5_error_code
 krb5_ldap_get_password_policy (context, name, policy, cnt)
     krb5_context                context;
     char                        *name;
@@ -170,7 +170,7 @@ krb5_ldap_get_password_policy (context, name, policy, cnt)
 {
     krb5_error_code             st=0, tempst=0;
     LDAP                       *ld=NULL;
-    LDAPMessage                 *result=NULL,*ent=NULL;  
+    LDAPMessage                 *result=NULL,*ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -179,17 +179,17 @@ krb5_ldap_get_password_policy (context, name, policy, cnt)
     krb5_clear_error_message(context);
 
     /* validate the input parameters */
-    if(name == NULL)
+    if (name == NULL)
        return EINVAL;
-    
+
     SETUP_CONTEXT();
     GET_HANDLE();
 
     *cnt = 0;
     *(policy) = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
     if (*policy == NULL) {
-        st = ENOMEM;
-        goto cleanup;
+       st = ENOMEM;
+       goto cleanup;
     }
     memset(*policy, 0, sizeof(osa_policy_ent_rec));
 
@@ -235,15 +235,15 @@ krb5_ldap_delete_password_policy (context, policy)
     krb5_clear_error_message(context);
 
     /* validate the input parameters */
-    if(policy == NULL)
-        return EINVAL;
+    if (policy == NULL)
+       return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
-    if((st=ldap_delete_s(ld, policy)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_DEL);
-        goto cleanup;
+    if ((st=ldap_delete_s(ld, policy)) != LDAP_SUCCESS) {
+       st = set_ldap_error (context, st, OP_DEL);
+       goto cleanup;
     }
 
 cleanup:
@@ -252,10 +252,10 @@ cleanup:
 }
 
 krb5_error_code
-krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg) 
+krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
     krb5_context                context;
     char                        *match_expr;
-    void                        (*func) (krb5_pointer, osa_policy_ent_t );
+    void                        (*func) (krb5_pointer, osa_policy_ent_t);
     krb5_pointer                func_arg;
 {
     osa_policy_ent_rec          *entry=NULL;
@@ -279,7 +279,7 @@ krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
     memset(entry, 0, sizeof(osa_policy_ent_rec));
 
     LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, "(objectclass=krbpwdpolicy)", attrs);
-    for(ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+    for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
        if ((policy_dn=ldap_get_dn(ld, ent)) == NULL)
            continue;
        entry->name = policy_dn;
@@ -287,21 +287,21 @@ krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
        ldap_memfree(policy_dn);
     }
     ldap_msgfree(result);
-     
- cleanup:
+
+cleanup:
     if (entry)
        free (entry);
-    
+
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
 
-void 
+void
 krb5_ldap_free_password_policy (context, entry)
     krb5_context                context;
     osa_policy_ent_t            entry;
 {
-    if(entry)
-        free(entry);
+    if (entry)
+       free(entry);
     return;
 }
index d2ed2d9e55d35d4b3af90a1cba0ce1e682fc69d2..438df718f9ac492c4720347cc7f954cd83f25d13 100644 (file)
 #define END_OF_LIST -1
 char  *realm_attributes[] = {"krbSearchScope","krbSubTree",
                             "krbMaxTicketLife", "krbMaxRenewableAge",
-                            "krbTicketFlags", "krbDefaultEncType", 
-                            "krbDefaultSaltType", "krbUpEnabled", 
-                            "krbPolicyReference", "krbSupportedEncTypes", 
-                            "krbSupportedSaltTypes", "krbLdapServers", 
-                            "krbKdcServers",  "krbAdmServers", 
+                            "krbTicketFlags", "krbDefaultEncType",
+                            "krbDefaultSaltType", "krbUpEnabled",
+                            "krbPolicyReference", "krbSupportedEncTypes",
+                            "krbSupportedSaltTypes", "krbLdapServers",
+                            "krbKdcServers",  "krbAdmServers",
                             "krbPwdServers", NULL};
 
 
 char  *policy_attributes[] = { "krbMaxTicketLife",
-                               "krbMaxRenewableAge",
-                               "krbTicketFlags",
-                               NULL };
+                              "krbMaxRenewableAge",
+                              "krbTicketFlags",
+                              NULL };
 
 
 
@@ -55,16 +55,16 @@ char  *policyclass[] =     { "krbPolicy", NULL };
 char  *kdcclass[] =        { "krbKdcService", NULL };
 char  *adminclass[] =      { "krbAdmService", NULL };
 char  *pwdclass[] =        { "krbPwdService", NULL };
-char  *subtreeclass[] =    { "Organization", "OrganizationalUnit", "Domain", 
+char  *subtreeclass[] =    { "Organization", "OrganizationalUnit", "Domain",
                             "Country", "Locality", NULL };
 
 int supportedenctypes[] = { ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD4, ENCTYPE_DES_CBC_MD5,
-                            ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-                            ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC, -1};
+                           ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+                           ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC, -1};
 
 int supportedsalttypes[] = { KRB5_KDB_SALTTYPE_NORMAL, KRB5_KDB_SALTTYPE_V4,
-                             KRB5_KDB_SALTTYPE_NOREALM, KRB5_KDB_SALTTYPE_ONLYREALM,
-                             KRB5_KDB_SALTTYPE_SPECIAL, -1};
+                            KRB5_KDB_SALTTYPE_NOREALM, KRB5_KDB_SALTTYPE_ONLYREALM,
+                            KRB5_KDB_SALTTYPE_SPECIAL, -1};
 
 
 char  *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
@@ -75,10 +75,10 @@ ignore_duplicates(int_list)
     int         *int_list;
 {
     int  i=0, j=0, scount=0;
-    
+
     for (i=0; int_list[i] != END_OF_LIST; scount=i++)
        ;
-    
+
     for (i=0; i <= scount; ++i) {
        if (i > 0 && int_list[i] == int_list[i-1]) {
            for (j=i; j<=scount; ++j)
@@ -99,12 +99,12 @@ ignore_duplicates(int_list)
  * Function to remove all special characters from a string (rfc2254).
  * Use whenever exact matching is to be done ...
  */
-static char * 
+static char *
 ldap_filter_correct (unsigned char *in, unsigned int len)
 {
     int i, count;
     char *out, *ptr;
-    
+
     for (i = 0, count = 0; i < len; i++)
        switch (in[i]) {
        case '*':
@@ -114,7 +114,7 @@ ldap_filter_correct (unsigned char *in, unsigned int len)
        case '\0':
            count ++;
        }
-    
+
     out = (char *)malloc((len + (count * 2) + 1) * sizeof (char));
     assert (out != NULL);
     memset(out, 0, len + (count * 2) + 1);
@@ -182,7 +182,7 @@ static int principal_in_realm_2(krb5_principal principal, char *realm) {
 
 /*
  * Lists the realms in the Directory.
- */ 
+ */
 
 krb5_error_code
 krb5_ldap_list_realm(context, realms)
@@ -191,9 +191,9 @@ krb5_ldap_list_realm(context, realms)
 {
     char                        **values = NULL;
     unsigned int                i = 0, count = 0;
-    krb5_error_code             st = 0, tempst = 0; 
+    krb5_error_code             st = 0, tempst = 0;
     LDAP                        *ld = NULL;
-    LDAPMessage                 *result = NULL, *ent = NULL;  
+    LDAPMessage                 *result = NULL, *ent = NULL;
     kdb5_dal_handle             *dal_handle = NULL;
     krb5_ldap_context           *ldap_context = NULL;
     krb5_ldap_server_handle     *ldap_server_handle = NULL;
@@ -202,7 +202,7 @@ krb5_ldap_list_realm(context, realms)
 
     /* get the kerberos container DN information */
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context, 
+       if ((st = krb5_ldap_read_krbcontainer_params(context,
                                                     &(ldap_context->krbcontainer))) != 0)
            goto cleanup;
     }
@@ -221,7 +221,7 @@ krb5_ldap_list_realm(context, realms)
     *realms = NULL;
 
     count = ldap_count_entries (ld, result);
-    if(count == -1){
+    if (count == -1) {
        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
        st = set_ldap_error (context, st, OP_SEARCH);
        goto cleanup;
@@ -244,7 +244,7 @@ krb5_ldap_list_realm(context, realms)
     } /* for (ent= ... */
     ldap_msgfree(result);
 
- cleanup:
+cleanup:
 
     /* some error, free up all the memory */
     if (st != 0) {
@@ -266,7 +266,7 @@ krb5_ldap_list_realm(context, realms)
 
 /*
  * Delete the realm along with the principals belonging to the realm in the Directory.
- */ 
+ */
 
 krb5_error_code
 krb5_ldap_delete_realm (context, lrealm)
@@ -315,7 +315,7 @@ krb5_ldap_delete_realm (context, lrealm)
        lcontext.lrparams = rparam;
        if ((st=krb5_get_subtree_info(&lcontext, subtrees, &ntree)) != 0)
            goto cleanup;
-       
+
        for (l=0; l < ntree; ++l) {
            LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
            result_arr[l] = result;
@@ -323,20 +323,20 @@ krb5_ldap_delete_realm (context, lrealm)
     }
 
     /* NOTE: Here all the principals should be cached and the ldap handle should be freed,
-     * as a DAL-LDAP interface is called right down here. Caching might be constrained by 
+     * as a DAL-LDAP interface is called right down here. Caching might be constrained by
      * availability of the memory. The caching is not done, however there would be limit
      * on the minimum number of handles for a server and it is 2. As the DAL-LDAP is not
      * thread-safe this should suffice.
      */
     for (j=0; (result=result_arr[j]) != NULL; ++j) {
-       for(ent = ldap_first_entry (ld, result); ent != NULL;
-           ent = ldap_next_entry (ld, ent)) {
+       for (ent = ldap_first_entry (ld, result); ent != NULL;
+            ent = ldap_next_entry (ld, ent)) {
            if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
                for (i = 0; values[i] != NULL; ++i) {
                    krb5_parse_name(context, values[i], &principal);
                    if (principal_in_realm_2(principal, lrealm) == 0) {
                        int nent = 0;
-                       if ((st=krb5_ldap_delete_principal(context, principal, 
+                       if ((st=krb5_ldap_delete_principal(context, principal,
                                                           &nent)) != LDAP_SUCCESS)
                            goto cleanup;
                    }
@@ -351,12 +351,12 @@ krb5_ldap_delete_realm (context, lrealm)
     /* Delete the realm object */
     if ((st=ldap_delete_s(ld, ldap_context->lrparams->realmdn)) != LDAP_SUCCESS) {
        int ost = st;
-        st = translate_ldap_error (st, OP_DEL);
-        krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
+       st = translate_ldap_error (st, OP_DEL);
+       krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
                                ldap_err2string(ost));
     }
 
- cleanup:
+cleanup:
     for (l=0; l < ntree; ++l) {
        if (subtrees[l])
            free (subtrees[l]);
@@ -379,7 +379,7 @@ static int compare (const void *i, const void *j) {
 
 /*
  * Modify the realm attributes in the Directory.
- */ 
+ */
 
 krb5_error_code
 krb5_ldap_modify_realm(context, rparams, mask)
@@ -390,7 +390,7 @@ krb5_ldap_modify_realm(context, rparams, mask)
     LDAP                  *ld=NULL;
     krb5_error_code       st=0;
     char                  *strval[5]={NULL};
-#ifdef HAVE_EDIRECTORY    
+#ifdef HAVE_EDIRECTORY
     char                  **values=NULL;
     char                  **oldkdcservers=NULL, **oldadminservers=NULL, **oldpasswdservers=NULL;
     LDAPMessage           *result=NULL, *ent=NULL;
@@ -405,12 +405,12 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     if (mask == 0)
        return 0;
-    
+
     if (rparams == NULL) {
        st = EINVAL;
        return st;
     }
-  
+
     SETUP_CONTEXT ();
 
     /* Check validity of arguments */
@@ -454,12 +454,12 @@ krb5_ldap_modify_realm(context, rparams, mask)
      */
     {
        if ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes) {
-           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++){
+           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
            }
            qsort ((void *)rparams->suppenctypes, (unsigned) i, sizeof(krb5_int32), compare);
        }
        if ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes) {
-           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++){
+           for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) {
            }
            qsort ((void *)rparams->suppsalttypes, (unsigned) i, sizeof(krb5_int32), compare);
        }
@@ -474,53 +474,53 @@ krb5_ldap_modify_realm(context, rparams, mask)
        }
        memset(strval, 0, sizeof(strval));
        strval[0] = rparams->subtree;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtree", LDAP_MOD_REPLACE, 
+       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtree", LDAP_MOD_REPLACE,
                                          strval)) != 0)
            goto cleanup;
     }
 
     /* SEARCHSCOPE ATTRIBUTE */
-    if (mask & LDAP_REALM_SEARCHSCOPE) {            
-       if((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
-                                        (rparams->search_scope == LDAP_SCOPE_ONELEVEL 
-                                         || rparams->search_scope == LDAP_SCOPE_SUBTREE) ? 
-                                        rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+    if (mask & LDAP_REALM_SEARCHSCOPE) {
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
+                                         (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                          || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                         rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
            goto cleanup;
     }
+
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
-                                           rparams->max_renewable_life)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
+                                         rparams->max_renewable_life)) != 0)
+           goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
-                                           rparams->max_life)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
+                                         rparams->max_life)) != 0)
+           goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
-                                           rparams->tktflags)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
+                                         rparams->tktflags)) != 0)
+           goto cleanup;
     }
 
+
     /* DEFENCTYPE ATTRIBUTE */
     if (mask & LDAP_REALM_DEFENCTYPE) {
        /* check if the entered enctype is valid */
        if (krb5_c_valid_enctype(rparams->defenctype)) {
 
            /* check if the defenctype exists in the suppenctypes list */
-           for(i = 0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
+           for (i = 0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
                if (rparams->defenctype == rparams->suppenctypes[i])
                    break;
 
@@ -531,8 +531,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
                goto cleanup;
            }
 
-           if((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_REPLACE,
-                                            rparams->defenctype)) != 0)
+           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_REPLACE,
+                                             rparams->defenctype)) != 0)
                goto cleanup;
        } else {
            st = EINVAL;
@@ -544,10 +544,10 @@ krb5_ldap_modify_realm(context, rparams, mask)
     /* DEFSALTTYPE ATTRIBUTE */
     if (mask & LDAP_REALM_DEFSALTTYPE) {
        /* check if the entered salttype is valid */
-       if (rparams->defsalttype>=0 && rparams->defsalttype<6) {    
+       if (rparams->defsalttype>=0 && rparams->defsalttype<6) {
 
            /* check if the defsalttype exists in the suppsalttypes list */
-           for(i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
+           for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
                if (rparams->defsalttype == rparams->suppsalttypes[i])
                    break;
 
@@ -558,8 +558,8 @@ krb5_ldap_modify_realm(context, rparams, mask)
                goto cleanup;
            }
 
-           if((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype",
-                                            LDAP_MOD_REPLACE, rparams->defsalttype)) != 0)
+           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype",
+                                             LDAP_MOD_REPLACE, rparams->defsalttype)) != 0)
                goto cleanup;
 
        } else {
@@ -577,7 +577,7 @@ krb5_ldap_modify_realm(context, rparams, mask)
            /* check if the salttypes entered is valid */
            if (!(rparams->suppsalttypes[i]>=0 && rparams->suppsalttypes[i]<6)) {
                st = EINVAL;
-                krb5_set_error_message (context, st, "salttype %d not valid", rparams->suppsalttypes[i]);
+               krb5_set_error_message (context, st, "salttype %d not valid", rparams->suppsalttypes[i]);
                goto cleanup;
            }
 
@@ -590,34 +590,34 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
        if (flag == FALSE) { /* Default salt type is not supported */
            st = EINVAL;
-            krb5_set_error_message (context, st, "Default salttype not in the supported list");
+           krb5_set_error_message (context, st, "Default salttype not in the supported list");
            goto cleanup;
        }
        ignore_duplicates(rparams->suppsalttypes);
-    
-       if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes",
-                                            LDAP_MOD_REPLACE, rparams->suppsalttypes)) != 0)
-            goto cleanup;
+
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes",
+                                             LDAP_MOD_REPLACE, rparams->suppsalttypes)) != 0)
+           goto cleanup;
     }
-  
+
     /* SUPPENCTYPE ATTRIBUTE */
-    if (mask & LDAP_REALM_SUPPENCTYPE) {     
+    if (mask & LDAP_REALM_SUPPENCTYPE) {
        krb5_boolean flag=FALSE;
 
-       for(i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i) {
+       for (i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i) {
 
            /* check if the enctypes entered is valid */
            if (krb5_c_valid_enctype(rparams->suppenctypes[i]) == 0) {
                st = EINVAL;
-                krb5_set_error_message (context, st, "Enctype %d not valid", rparams->suppenctypes[i]);
+               krb5_set_error_message (context, st, "Enctype %d not valid", rparams->suppenctypes[i]);
                goto cleanup;
            }
 
            /* Ensure that the default encryption type is supported */
            if ((oldmask & LDAP_REALM_DEFENCTYPE ||
-                 mask & LDAP_REALM_DEFENCTYPE) &&
+                mask & LDAP_REALM_DEFENCTYPE) &&
                rparams->defenctype == rparams->suppenctypes[i])
-             flag = TRUE;
+               flag = TRUE;
        }
 
        if (flag == FALSE) { /* Default encryption type is not supported */
@@ -627,9 +627,9 @@ krb5_ldap_modify_realm(context, rparams, mask)
        }
        ignore_duplicates(rparams->suppenctypes);
 
-       if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes",
-                                            LDAP_MOD_REPLACE, rparams->suppenctypes)) != 0)
-            goto cleanup;
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes",
+                                             LDAP_MOD_REPLACE, rparams->suppenctypes)) != 0)
+           goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -684,7 +684,7 @@ krb5_ldap_modify_realm(context, rparams, mask)
     if (mask & LDAP_REALM_KDCSERVERS || mask & LDAP_REALM_ADMINSERVERS ||
        mask & LDAP_REALM_PASSWDSERVERS) {
        char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
-    
+
        if ((st= ldap_search_s(ld,
                               rparams->realmdn,
                               LDAP_SCOPE_BASE,
@@ -692,10 +692,10 @@ krb5_ldap_modify_realm(context, rparams, mask)
                               servers,
                               0,
                               &result)) != LDAP_SUCCESS) {
-            st = set_ldap_error (context, st, OP_SEARCH);
+           st = set_ldap_error (context, st, OP_SEARCH);
            goto cleanup;
        }
-    
+
        ent = ldap_first_entry(ld, result);
        if (ent) {
            if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
@@ -725,7 +725,7 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     /* Realm modify opearation */
     if ((st=ldap_modify_s(ld, rparams->realmdn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_MOD);
+       st = set_ldap_error (context, st, OP_MOD);
        goto cleanup;
     }
 
@@ -739,109 +739,103 @@ krb5_ldap_modify_realm(context, rparams, mask)
        count = ldap_count_values(rparams->kdcservers);
        if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
            goto cleanup;
-       
+
        /* find the deletions and additions to the server list */
        if (oldkdcservers && newkdcservers)
            disjoint_members(oldkdcservers, newkdcservers);
-       
+
        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
        if (oldkdcservers)
            for (i=0; oldkdcservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf (errbuf, "Error removing 'krbRealmReferences' from %s: ",
                             oldkdcservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
-    
+
        /* add the krbRealmReferences attribute from the servers that are associated. */
        if (newkdcservers)
            for (i=0; newkdcservers[i]; ++i)
-               if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ",
                             newkdcservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
 
        if (newkdcservers)
            ldap_value_free(newkdcservers);
     }
-  
+
     if (mask & LDAP_REALM_ADMINSERVERS) {
        char **newadminservers=NULL;
 
        count = ldap_count_values(rparams->adminservers);
        if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
            goto cleanup;
-       
-        /* find the deletions and additions to the server list */
+
+       /* find the deletions and additions to the server list */
        if (oldadminservers && newadminservers)
            disjoint_members(oldadminservers, newadminservers);
-    
-        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+
+       /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
        if (oldadminservers)
            for (i=0; oldadminservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf(errbuf, "Error removing 'krbRealmReferences' from "
-                            "%s: ", oldadminservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                           "%s: ", oldadminservers[i]);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
 
-        /* add the krbRealmReferences attribute from the servers that are associated. */
-       if (newadminservers)  
+       /* add the krbRealmReferences attribute from the servers that are associated. */
+       if (newadminservers)
            for (i=0; newadminservers[i]; ++i)
-               if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
-                            newadminservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                           newadminservers[i]);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
        if (newadminservers)
            ldap_value_free(newadminservers);
     }
-  
+
     if (mask & LDAP_REALM_PASSWDSERVERS) {
        char **newpasswdservers=NULL;
-      
+
        count = ldap_count_values(rparams->passwdservers);
        if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
            goto cleanup;
 
-        /* find the deletions and additions to the server list */
+       /* find the deletions and additions to the server list */
        if (oldpasswdservers && newpasswdservers)
            disjoint_members(oldpasswdservers, newpasswdservers);
 
-        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */   
+       /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
        if (oldpasswdservers)
            for (i=0; oldpasswdservers[i]; ++i)
-               if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf(errbuf, "Error removing 'krbRealmReferences' from "
-                            "%s: ", oldpasswdservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                           "%s: ", oldpasswdservers[i]);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
 
-        /* add the krbRealmReferences attribute from the servers that are associated. */    
+       /* add the krbRealmReferences attribute from the servers that are associated. */
        if (newpasswdservers)
            for (i=0; newpasswdservers[i]; ++i)
-               if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences", 
-                                       rparams->realmdn)) != 0)
-               {
+               if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
+                                       rparams->realmdn)) != 0) {
                    sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
-                            newpasswdservers[i]);
-                    prepend_err_str (context, errbuf, st, st);
+                           newpasswdservers[i]);
+                   prepend_err_str (context, errbuf, st, st);
                    goto cleanup;
                }
        if (newpasswdservers)
@@ -849,23 +843,23 @@ krb5_ldap_modify_realm(context, rparams, mask)
     }
 #endif
 
- cleanup:
+cleanup:
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcservers) {
-       for(i=0; oldkdcservers[i]; ++i)
+       for (i=0; oldkdcservers[i]; ++i)
            free(oldkdcservers[i]);
        free(oldkdcservers);
     }
 
     if (oldadminservers) {
-       for(i=0; oldadminservers[i]; ++i)
+       for (i=0; oldadminservers[i]; ++i)
            free(oldadminservers[i]);
        free(oldadminservers);
     }
 
     if (oldpasswdservers) {
-       for(i=0; oldpasswdservers[i]; ++i)
+       for (i=0; oldpasswdservers[i]; ++i)
            free(oldpasswdservers[i]);
        free(oldpasswdservers);
     }
@@ -905,15 +899,15 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     GET_HANDLE ();
 
     if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-        kerberoscontdn = krbcontparams->DN;
+       kerberoscontdn = krbcontparams->DN;
     } else {
        /* If the user has not given, use the default cn=Kerberos,cn=Security */
 #ifdef HAVE_EDIRECTORY
-        kerberoscontdn = KERBEROS_CONTAINER;
+       kerberoscontdn = KERBEROS_CONTAINER;
 #else
        st = EINVAL;
        krb5_set_error_message (context, st, "Kerberos Container information is missing");
-        goto cleanup;
+       goto cleanup;
 #endif
     }
 
@@ -925,24 +919,24 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     rdns = ldap_explode_dn(kerberoscontdn, 1);
     if (rdns == NULL) {
        st = EINVAL;
-        krb5_set_error_message(context, st, "Invalid Kerberos container DN");
+       krb5_set_error_message(context, st, "Invalid Kerberos container DN");
        goto cleanup;
     }
 
     strval[0] = rdns[0];
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-        goto cleanup;
+       goto cleanup;
 
     /* check if the policy reference value exists and is of krbpolicyreference object class */
     if (krbcontparams && krbcontparams->policyreference) {
-       st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass, 
+       st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
                                 &pmask);
        CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
 
        strval[0] = krbcontparams->policyreference;
        strval[1] = NULL;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_ADD, 
+       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpolicyreference", LDAP_MOD_ADD,
                                          strval)) != 0)
            goto cleanup;
     }
@@ -950,10 +944,10 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     /* create the kerberos container */
     if ((st = ldap_add_s(ld, kerberoscontdn, mods)) != LDAP_SUCCESS) {
        int ost = st;
-        st = translate_ldap_error (st, OP_ADD);
-        krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
+       st = translate_ldap_error (st, OP_ADD);
+       krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
        goto cleanup;
-    } 
+    }
 
 #ifdef HAVE_EDIRECTORY
 
@@ -962,12 +956,11 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     mods=NULL;
 
     /* check whether the security container is bound to krbcontainerrefaux object class */
-    if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass", 
-                               krbContainerRefclass, &crmask)) != 0)
-    {
+    if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass",
+                               krbContainerRefclass, &crmask)) != 0) {
        prepend_err_str (context, "Security Container read FAILED: ", st, st);
        /* delete Kerberos Container, status ignored intentionally */
-       ldap_delete_s(ld, kerberoscontdn); 
+       ldap_delete_s(ld, kerberoscontdn);
        goto cleanup;
     }
 
@@ -986,15 +979,15 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     /* update the security container with krbContainerReference attribute */
     if ((st=ldap_modify_s(ld, SECURITY_CONTAINER, mods)) != LDAP_SUCCESS) {
        int ost = st;
-        st = translate_ldap_error (st, OP_MOD);
+       st = translate_ldap_error (st, OP_MOD);
        krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
        /* delete Kerberos Container, status ignored intentionally */
-       ldap_delete_s(ld, kerberoscontdn); 
+       ldap_delete_s(ld, kerberoscontdn);
        goto cleanup;
     }
 #endif
 
- cleanup:
+cleanup:
 
     if (rdns)
        ldap_value_free (rdns);
@@ -1006,7 +999,7 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
 
 
 /*
- * Create Realm in eDirectory. This is used by kdb5_util 
+ * Create Realm in eDirectory. This is used by kdb5_util
  */
 
 krb5_error_code
@@ -1051,7 +1044,7 @@ krb5_ldap_create_realm(context, rparams, mask)
     }
 
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context, 
+       if ((st = krb5_ldap_read_krbcontainer_params(context,
                                                     &(ldap_context->krbcontainer))) != 0)
            goto cleanup;
     }
@@ -1064,12 +1057,12 @@ krb5_ldap_create_realm(context, rparams, mask)
     dn = malloc(strlen("cn=") + strlen(realm_name) + strlen(ldap_context->krbcontainer->DN) + 2);
     CHECK_NULL(dn);
     sprintf(dn, "cn=%s,%s", realm_name, ldap_context->krbcontainer->DN);
-  
+
     strval[0] = realm_name;
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
        goto cleanup;
-    
+
     strval[0] = "top";
     strval[1] = "krbrealmcontainer";
     strval[2] = "krbpolicyaux";
@@ -1077,53 +1070,53 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
        goto cleanup;
-  
+
     /* SUBTREE ATTRIBUTE */
     if (mask & LDAP_REALM_SUBTREE) {
        if (strlen(rparams->subtree) != 0) {
-           st = checkattributevalue(ld, rparams->subtree, "Objectclass", subtreeclass, 
+           st = checkattributevalue(ld, rparams->subtree, "Objectclass", subtreeclass,
                                     &objectmask);
            CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
 
        }
        strval[0] = rparams->subtree;
        strval[1] = NULL;
-       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtree", LDAP_MOD_ADD, 
+       if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtree", LDAP_MOD_ADD,
                                          strval)) != 0)
            goto cleanup;
     }
 
     /* SEARCHSCOPE ATTRIBUTE */
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-        if((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
-                                         (rparams->search_scope == LDAP_SCOPE_ONELEVEL
-                                         || rparams->search_scope == LDAP_SCOPE_SUBTREE) ? 
-                                        rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
-            goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
+                                         (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                          || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                         rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+           goto cleanup;
     }
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
-                                           rparams->max_renewable_life)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
+                                         rparams->max_renewable_life)) != 0)
+           goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
-                                           rparams->max_life)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
+                                         rparams->max_life)) != 0)
+           goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
-                                           rparams->tktflags)) != 0)
-                   goto cleanup;
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
+                                         rparams->tktflags)) != 0)
+           goto cleanup;
     }
 
 
@@ -1134,19 +1127,19 @@ krb5_ldap_create_realm(context, rparams, mask)
 
            /* check if the defenctype exists in the suppenctypes list */
            if (mask & LDAP_REALM_SUPPENCTYPE) {
-               for(i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
+               for (i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i)
                    if (rparams->defenctype == rparams->suppenctypes[i])
                        break;
-               
+
                if (rparams->suppenctypes[i] == END_OF_LIST) {
                    st = EINVAL;
                    krb5_set_error_message (context, st, "Default enctype not in the "
-                                         "supported list");
+                                           "supported list");
                    goto cleanup;
                }
            }
-           if((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_ADD,
-                                            rparams->defenctype)) != 0)
+           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_ADD,
+                                             rparams->defenctype)) != 0)
                goto cleanup;
        } else {
            st = EINVAL;
@@ -1162,20 +1155,20 @@ krb5_ldap_create_realm(context, rparams, mask)
 
            /* check if the defsalttype exists in the suppsalttypes list */
            if (mask & LDAP_REALM_SUPPSALTTYPE) {
-               for(i=0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
+               for (i=0; rparams->suppsalttypes[i] != END_OF_LIST; ++i)
                    if (rparams->defsalttype == rparams->suppsalttypes[i])
                        break;
-               
+
                if (rparams->suppsalttypes[i] == END_OF_LIST) {
                    st = EINVAL;
                    krb5_set_error_message (context, st,
-                           "Default salttype not in the supported list");
+                                           "Default salttype not in the supported list");
                    goto cleanup;
                }
            }
 
-           if((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype", LDAP_MOD_ADD,
-                                            rparams->defsalttype)) != 0)
+           if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype", LDAP_MOD_ADD,
+                                             rparams->defsalttype)) != 0)
                goto cleanup;
        } else {
            st = EINVAL;
@@ -1186,49 +1179,49 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* SUPPORTEDSALTTYPE ATTRIBUTE */
     if (mask & LDAP_REALM_SUPPSALTTYPE) {
-       for(i=0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) {
+       for (i=0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) {
            /* check if the salttypes entered is valid */
            if (!(rparams->suppsalttypes[i]>=0 && rparams->suppsalttypes[i]<6)) {
                st = EINVAL;
-                krb5_set_error_message (context, st, "Salttype %d not valid",
+               krb5_set_error_message (context, st, "Salttype %d not valid",
                                        rparams->suppsalttypes[i]);
                goto cleanup;
            }
        }
        ignore_duplicates(rparams->suppsalttypes);
 
-       if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes", LDAP_MOD_ADD,
-                                            rparams->suppsalttypes)) != 0)
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes", LDAP_MOD_ADD,
+                                             rparams->suppsalttypes)) != 0)
            goto cleanup;
     } else {
        /* set all the salt types as the suppsalttypes */
-       if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes", LDAP_MOD_ADD,
-                                            supportedsalttypes)) != 0)
-           goto cleanup;           
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes", LDAP_MOD_ADD,
+                                             supportedsalttypes)) != 0)
+           goto cleanup;
     }
 
     /* SUPPORTEDENCTYPE ATTRIBUTE */
     if (mask & LDAP_REALM_SUPPENCTYPE) {
-       for(i=0; rparams->suppenctypes[i] != -1; ++i) {
+       for (i=0; rparams->suppenctypes[i] != -1; ++i) {
 
-            /* check if the enctypes entered is valid */
+           /* check if the enctypes entered is valid */
            if (krb5_c_valid_enctype(rparams->suppenctypes[i]) == 0) {
                st = EINVAL;
-                krb5_set_error_message (context, st, "Enctype %d not valid",
+               krb5_set_error_message (context, st, "Enctype %d not valid",
                                        rparams->suppenctypes[i]);
                goto cleanup;
            }
        }
        ignore_duplicates(rparams->suppenctypes);
 
-        if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes", LDAP_MOD_ADD,
-                                             rparams->suppenctypes)) != 0)
-            goto cleanup;
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes", LDAP_MOD_ADD,
+                                             rparams->suppenctypes)) != 0)
+           goto cleanup;
     } else {
        /* set all the enc types as the suppenctypes */
-        if((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes", LDAP_MOD_ADD,
-                                             supportedenctypes)) != 0)
-            goto cleanup;
+       if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes", LDAP_MOD_ADD,
+                                             supportedenctypes)) != 0)
+           goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -1281,29 +1274,27 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* realm creation operation */
     if ((st=ldap_add_s(ld, dn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_ADD);
+       st = set_ldap_error (context, st, OP_ADD);
        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
     if (mask & LDAP_REALM_KDCSERVERS)
        for (i=0; rparams->kdcservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0)
-           {
+           if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
                sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->kdcservers[i]);
-                prepend_err_str (context, errbuf, st, st);
+                       rparams->kdcservers[i]);
+               prepend_err_str (context, errbuf, st, st);
                /* delete Realm, status ignored intentionally */
                ldap_delete_s(ld, dn);
                goto cleanup;
            }
-  
+
     if (mask & LDAP_REALM_ADMINSERVERS)
        for (i=0; rparams->adminservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0)
-           {
+           if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
                sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->adminservers[i]);
+                       rparams->adminservers[i]);
                prepend_err_str (context, errbuf, st, st);
                /* delete Realm, status ignored intentionally */
                ldap_delete_s(ld, dn);
@@ -1312,18 +1303,17 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     if (mask & LDAP_REALM_PASSWDSERVERS)
        for (i=0; rparams->passwdservers[i]; ++i)
-           if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0)
-           {
+           if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
                sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ",
-                        rparams->passwdservers[i]);
-                prepend_err_str (context, errbuf, st, st);
+                       rparams->passwdservers[i]);
+               prepend_err_str (context, errbuf, st, st);
                /* delete Realm, status ignored intentionally */
                ldap_delete_s(ld, dn);
                goto cleanup;
            }
 #endif
 
- cleanup:
+cleanup:
 
     if (dn)
        free(dn);
@@ -1348,7 +1338,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     unsigned int           i=0, /* masklen=4, */ count=0;
     krb5_error_code        st=0, tempst=0;
     LDAP                   *ld=NULL;
-    LDAPMessage            *result=NULL,*ent=NULL;  
+    LDAPMessage            *result=NULL,*ent=NULL;
     krb5_ldap_realm_params *rlparams=NULL;
     kdb5_dal_handle        *dal_handle=NULL;
     krb5_ldap_context      *ldap_context=NULL;
@@ -1366,7 +1356,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     /* read kerberos container, if not read already */
     if (ldap_context->krbcontainer == NULL) {
-       if ((st = krb5_ldap_read_krbcontainer_params(context, 
+       if ((st = krb5_ldap_read_krbcontainer_params(context,
                                                     &(ldap_context->krbcontainer))) != 0)
            goto cleanup;
     }
@@ -1386,10 +1376,10 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     }
     memset((char *) rlparams->tl_data, 0, sizeof(krb5_tl_data));
     rlparams->tl_data->tl_data_type = KDB_TL_USER_INFO;
-  
+
     /* set the mask parameter to 0 */
     *mask = 0;
-    
+
     /* set default values */
     rlparams->search_scope = LDAP_SCOPE_SUBTREE;
 
@@ -1401,7 +1391,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
        goto cleanup;
     }
     sprintf(rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN);
-  
+
     /* populate the realm name in the structure */
     rlparams->realm_name = strdup(lrealm);
     CHECK_NULL(rlparams->realm_name);
@@ -1420,44 +1410,44 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     /* Read the attributes */
     {
 
-       if((values=ldap_get_values(ld, ent, "krbSubTree")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbSubTree")) != NULL) {
            rlparams->subtree = strdup(values[0]);
-           if(rlparams->subtree==NULL) {
+           if (rlparams->subtree==NULL) {
                st = ENOMEM;
                goto cleanup;
            }
            *mask |= LDAP_REALM_SUBTREE;
            ldap_value_free(values);
-       } 
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
            rlparams->search_scope=atoi(values[0]);
            /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
            if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
                rlparams->search_scope = LDAP_SCOPE_SUBTREE;
            *mask |= LDAP_REALM_SEARCHSCOPE;
            ldap_value_free(values);
-       }  
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
            rlparams->max_life = atoi(values[0]);
            *mask |= LDAP_REALM_MAXTICKETLIFE;
            ldap_value_free(values);
-       }  
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
            rlparams->max_renewable_life = atoi(values[0]);
            *mask |= LDAP_REALM_MAXRENEWLIFE;
            ldap_value_free(values);
-       }  
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
            rlparams->tktflags = atoi(values[0]);
            *mask |= LDAP_REALM_KRBTICKETFLAGS;
            ldap_value_free(values);
        }
 
-       if((values=ldap_get_values(ld, ent, "krbDefaultEncType")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbDefaultEncType")) != NULL) {
            rlparams->defenctype = atoi(values[0]);
            if (krb5_c_valid_enctype(rlparams->defenctype) == 0)
                rlparams->defenctype = ENCTYPE_DES3_CBC_SHA1;
@@ -1465,35 +1455,35 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
            ldap_value_free(values);
        }
 
-       if((values=ldap_get_values(ld, ent, "krbDefaultSaltType")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbDefaultSaltType")) != NULL) {
            rlparams->defsalttype = atoi(values[0]);
            if (!(rlparams->defsalttype>=0 && rlparams->defsalttype<6))
                rlparams->defsalttype = KRB5_KDB_SALTTYPE_NORMAL;
            *mask |= LDAP_REALM_DEFSALTTYPE;
            ldap_value_free(values);
        }
-       if((values=ldap_get_values(ld, ent, "krbSupportedEncTypes")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbSupportedEncTypes")) != NULL) {
            count = ldap_count_values(values);
-           rlparams->suppenctypes = malloc (sizeof(krb5_int32) * (count + 1)); 
+           rlparams->suppenctypes = malloc (sizeof(krb5_int32) * (count + 1));
            if (rlparams->suppenctypes == NULL) {
                st = ENOMEM;
                goto cleanup;
            }
-           for(i=0; i<count; ++i)
+           for (i=0; i<count; ++i)
                rlparams->suppenctypes[i] = atoi(values[i]);
            rlparams->suppenctypes[count] = -1;
            *mask |= LDAP_REALM_SUPPENCTYPE;
            ldap_value_free(values);
        }
 
-       if((values=ldap_get_values(ld, ent, "krbSupportedSaltTypes")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbSupportedSaltTypes")) != NULL) {
            count = ldap_count_values(values);
-           rlparams->suppsalttypes =  malloc (sizeof(krb5_int32) * (count + 1)); 
+           rlparams->suppsalttypes =  malloc (sizeof(krb5_int32) * (count + 1));
            if (rlparams->suppsalttypes == NULL) {
                st = ENOMEM;
                goto cleanup;
            }
-           for(i=0; i<count; ++i)
+           for (i=0; i<count; ++i)
                rlparams->suppsalttypes[i] = atoi(values[i]);
            rlparams->suppsalttypes[count] = -1;
            *mask |= LDAP_REALM_SUPPSALTTYPE;
@@ -1502,7 +1492,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
 #ifdef HAVE_EDIRECTORY
 
-       if((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
            count = ldap_count_values(values);
            if ((st=copy_arrays(values, &(rlparams->kdcservers), (int) count)) != 0)
                goto cleanup;
@@ -1510,15 +1500,15 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
            ldap_value_free(values);
        }
 
-       if((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
            count = ldap_count_values(values);
            if ((st=copy_arrays(values, &(rlparams->adminservers), (int) count)) != 0)
                goto cleanup;
            *mask |= LDAP_REALM_ADMINSERVERS;
            ldap_value_free(values);
-       }    
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
            count = ldap_count_values(values);
            if ((st=copy_arrays(values, &(rlparams->passwdservers), (int) count)) != 0)
                goto cleanup;
@@ -1532,56 +1522,56 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     /*
      * If all of maxtktlife, maxrenewlife and ticketflags are not directly
      * available, use the policy dn from the policy reference attribute, if
-     * available, to fetch the missing. 
+     * available, to fetch the missing.
      */
 
-    if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE && 
+    if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE &&
           *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
 
        LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-               int ost = st;
-               st = translate_ldap_error (st, OP_SEARCH);
-               krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
+           int ost = st;
+           st = translate_ldap_error (st, OP_SEARCH);
+           krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
            goto cleanup;
        }
        ent = ldap_first_entry (ld, result);
        if (ent != NULL) {
            if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
-               if((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
+               if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
                    rlparams->max_life = atoi(values[0]);
-                   *mask |= LDAP_REALM_MAXTICKETLIFE;                  
+                   *mask |= LDAP_REALM_MAXTICKETLIFE;
                    ldap_value_free(values);
                }
            }
-           
+
            if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
-               if((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
+               if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
                    rlparams->max_renewable_life = atoi(values[0]);
-                   *mask |= LDAP_REALM_MAXRENEWLIFE;                   
+                   *mask |= LDAP_REALM_MAXRENEWLIFE;
                    ldap_value_free(values);
                }
            }
 
            if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
-               if((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
+               if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
                    rlparams->tktflags = atoi(values[0]);
-                   *mask |= LDAP_REALM_KRBTICKETFLAGS;                 
+                   *mask |= LDAP_REALM_KRBTICKETFLAGS;
                    ldap_value_free(values);
                }
            }
        }
        ldap_msgfree(result);
     }
-       
+
     rlparams->mask = *mask;
     *rlparamp = rlparams;
     st = store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask);
 
- cleanup:
+cleanup:
 
     /* if there is an error, free allocated structures */
-    if(st != 0) {
+    if (st != 0) {
        krb5_ldap_free_realm_params(rlparams);
        *rlparamp=NULL;
     }
@@ -1593,13 +1583,13 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 /*
   Free the krb5_ldap_realm_params.
 */
-void 
+void
 krb5_ldap_free_realm_params(rparams)
     krb5_ldap_realm_params *rparams;
 {
     int i=0;
-    
-    if(rparams) {  
+
+    if (rparams) {
        if (rparams->realmdn)
            free(rparams->realmdn);
 
@@ -1608,26 +1598,26 @@ krb5_ldap_free_realm_params(rparams)
 
        if (rparams->subtree)
            krb5_xfree(rparams->subtree);
-       
+
        if (rparams->suppenctypes)
-               krb5_xfree(rparams->suppenctypes);
+           krb5_xfree(rparams->suppenctypes);
 
        if (rparams->suppsalttypes)
            krb5_xfree(rparams->suppsalttypes);
 
-       if (rparams->kdcservers){
+       if (rparams->kdcservers) {
            for (i=0; rparams->kdcservers[i]; ++i)
                krb5_xfree(rparams->kdcservers[i]);
            krb5_xfree(rparams->kdcservers);
        }
 
-       if (rparams->adminservers){
+       if (rparams->adminservers) {
            for (i=0; rparams->adminservers[i]; ++i)
                krb5_xfree(rparams->adminservers[i]);
            krb5_xfree(rparams->adminservers);
        }
 
-       if (rparams->passwdservers){
+       if (rparams->passwdservers) {
            for (i=0; rparams->passwdservers[i]; ++i)
                krb5_xfree(rparams->passwdservers[i]);
            krb5_xfree(rparams->passwdservers);
@@ -1643,7 +1633,7 @@ krb5_ldap_free_realm_params(rparams)
            memset(rparams->mkey.contents, 0, rparams->mkey.length);
            krb5_xfree(rparams->mkey.contents);
        }
-       
+
        krb5_xfree(rparams);
     }
     return;
@@ -1655,7 +1645,7 @@ krb5_error_code
 krb5_ldap_create_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
 
@@ -1663,6 +1653,6 @@ krb5_error_code
 krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
-    krb5_set_error_message( kcontext, status, "LDAP %s", error_message( status ) );
+    krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
     return status;
 }
index 296e36d2dc5bc0d1e443f3e4c19480d6ef0f23a1..01045ce32a6167f1a6c95054b0a0aec2f9d06542 100644 (file)
@@ -222,7 +222,7 @@ static char *adminrights_realmcontainer[][2]={
     {"6#subtree#","#DetectIntruder"},
     {"6#subtree#","#LockoutAfterDetection"},
     {"2#subtree#","#LockedByIntruder"},
-    {"6#subtree#","#Surname"}, 
+    {"6#subtree#","#Surname"},
     {"6#subtree#","#krbPwdHistoryLength"},
     {"6#subtree#","#krbMinPwdLife"},
     {"6#subtree#","#krbMaxPwdLife"},
@@ -280,20 +280,20 @@ static char *kerberos_container[][2] = {
 };
 
 
-/* 
+/*
  * This will set the rights for the Kerberos service objects.
  * The function will read the subtree attribute from the specified
  * realm name and will the appropriate rights on both the realm
- * container and the subtree. The kerberos context passed should 
+ * container and the subtree. The kerberos context passed should
  * have a valid ldap handle, with appropriate rights to write acl
- * attributes. 
- * 
+ * attributes.
+ *
  * krb5_context - IN The Kerberos context with valid ldap handle
  *
  */
 
-krb5_error_code 
-krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, subtreeparam, mask)
+krb5_error_code
+krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, mask)
     krb5_context       context;
     int                 servicetype;
     char                *serviceobjdn;
@@ -301,7 +301,7 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
     char                *subtreeparam;
     int                 mask;
 {
-    
+
     int                    st=0,i=0;
     char                   *realmacls[2]={NULL}, *subtreeacls[2]={NULL}, *seccontacls[2]={NULL}, *krbcontacls[2]={NULL};
     LDAP                   *ld;
@@ -311,43 +311,43 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
     kdb5_dal_handle        *dal_handle=NULL;
     krb5_ldap_context      *ldap_context=NULL;
     krb5_ldap_server_handle *ldap_server_handle=NULL;
-    
+
     SETUP_CONTEXT();
     GET_HANDLE();
 
-    if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4) 
-        || (ldap_context->krbcontainer->DN == NULL) ) {
+    if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
+       || (ldap_context->krbcontainer->DN == NULL)) {
        st=-1;
        goto cleanup;
     }
-    
+
     /* If the subtree is null, set the value to root */
-    if(subtreeparam== NULL)
+    if (subtreeparam== NULL)
        subtree=strdup("");
     else
        subtree=strdup(subtreeparam);
-    
-    if( subtree == NULL ) {
+
+    if (subtree == NULL) {
        st = ENOMEM;
        goto cleanup;
     }
-      
+
     /* Set the rights for the service object on the security container */
     seccontclass.mod_op = LDAP_MOD_ADD;
     seccontclass.mod_type = "ACL";
-    
+
     for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
 
-       seccontacls[0] = (char *)malloc( strlen(security_container[i][0]) + 
-                                      strlen(serviceobjdn) + 
-                                      strlen(security_container[i][1]) + 1);
+       seccontacls[0] = (char *)malloc(strlen(security_container[i][0]) +
+                                       strlen(serviceobjdn) +
+                                       strlen(security_container[i][1]) + 1);
 
-       sprintf( seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn, 
-                security_container[i][1]);
+       sprintf(seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
+               security_container[i][1]);
        seccontclass.mod_values = seccontacls;
-       
+
        seccontarr[0] = &seccontclass;
-       
+
        st = ldap_modify_ext_s(ld,
                               SECURITY_CONTAINER,
                               seccontarr,
@@ -355,26 +355,26 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                               NULL);
        if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
            free(seccontacls[0]);
-            st = set_ldap_error (context, st, OP_MOD);
+           st = set_ldap_error (context, st, OP_MOD);
            goto cleanup;
        }
        free(seccontacls[0]);
     }
-    
+
 
     /* Set the rights for the service object on the kerberos container */
     krbcontclass.mod_op = LDAP_MOD_ADD;
     krbcontclass.mod_type = "ACL";
-    
+
     for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
-       krbcontacls[0] = (char *)malloc( strlen(kerberos_container[i][0]) + strlen(serviceobjdn) 
-                                      + strlen(kerberos_container[i][1]) + 1);
-       sprintf(krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn, 
-                kerberos_container[i][1]);
+       krbcontacls[0] = (char *)malloc(strlen(kerberos_container[i][0]) + strlen(serviceobjdn)
+                                       + strlen(kerberos_container[i][1]) + 1);
+       sprintf(krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
+               kerberos_container[i][1]);
        krbcontclass.mod_values = krbcontacls;
-       
+
        krbcontarr[0] = &krbcontclass;
-       
+
        st = ldap_modify_ext_s(ld,
                               ldap_context->krbcontainer->DN,
                               krbcontarr,
@@ -382,34 +382,34 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                               NULL);
        if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
            free(krbcontacls[0]);
-            st = set_ldap_error (context, st, OP_MOD);
+           st = set_ldap_error (context, st, OP_MOD);
            goto cleanup;
        }
        free(krbcontacls[0]);
     }
-    
+
     /* Set the rights for the realm */
     if (mask & LDAP_REALM_RIGHTS) {
-       
+
        /* Construct the realm dn from realm name */
-       realmdn = (char * )malloc(strlen("cn=") + strlen(realmname) + 
-                               strlen(ldap_context->krbcontainer->DN) + 2);
+       realmdn = (char *)malloc(strlen("cn=") + strlen(realmname) +
+                                strlen(ldap_context->krbcontainer->DN) + 2);
        sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
 
        realmclass.mod_op = LDAP_MOD_ADD;
        realmclass.mod_type = "ACL";
-       
+
        if (servicetype == LDAP_KDC_SERVICE) {
-           for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-               realmacls[0] = (char *)malloc(strlen(kdcrights_realmcontainer[i][0]) 
-                                            + strlen(serviceobjdn) + 
-                                            strlen(kdcrights_realmcontainer[i][1]) + 1);
-               sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, 
+           for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
+               realmacls[0] = (char *)malloc(strlen(kdcrights_realmcontainer[i][0])
+                                             + strlen(serviceobjdn) +
+                                             strlen(kdcrights_realmcontainer[i][1]) + 1);
+               sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
                        kdcrights_realmcontainer[i][1]);
                realmclass.mod_values = realmacls;
-               
+
                realmarr[0] = &realmclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -417,22 +417,22 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(realmacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(realmacls[0]);
            }
-       } else if(servicetype == LDAP_ADMIN_SERVICE){
-           fori=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-               realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) + 
-                                            strlen(serviceobjdn) + 
-                                            strlen(adminrights_realmcontainer[i][1]) + 1);
-               sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, 
+       } else if (servicetype == LDAP_ADMIN_SERVICE) {
+           for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
+               realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) +
+                                              strlen(serviceobjdn) +
+                                              strlen(adminrights_realmcontainer[i][1]) + 1);
+               sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
                        adminrights_realmcontainer[i][1]);
                realmclass.mod_values = realmacls;
-               
+
                realmarr[0] = &realmclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -440,23 +440,23 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(realmacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
-               free(realmacls[0]);                 
+               free(realmacls[0]);
            }
        } else if (servicetype == LDAP_PASSWD_SERVICE) {
            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
-               realmacls[0] = (char *) malloc( strlen(pwdrights_realmcontainer[i][0]) + 
-                                            strlen(serviceobjdn) + 
-                                            strlen(pwdrights_realmcontainer[i][1]) + 1);
-               sprintf( realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, 
-                        pwdrights_realmcontainer[i][1]);
+               realmacls[0] = (char *) malloc(strlen(pwdrights_realmcontainer[i][0]) +
+                                              strlen(serviceobjdn) +
+                                              strlen(pwdrights_realmcontainer[i][1]) + 1);
+               sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                       pwdrights_realmcontainer[i][1]);
                realmclass.mod_values = realmacls;
-               
+
                realmarr[0] = &realmclass;
-               
-               
+
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -464,7 +464,7 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(realmacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(realmacls[0]);
@@ -478,18 +478,18 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
        /* Populate the acl data to be added to the subtree */
        subtreeclass.mod_op = LDAP_MOD_ADD;
        subtreeclass.mod_type = "ACL";
-       
+
        if (servicetype == LDAP_KDC_SERVICE) {
            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-               subtreeacls[0] = (char *) malloc( strlen(kdcrights_subtree[i][0]) + 
-                                              strlen(serviceobjdn) + 
-                                              strlen(kdcrights_subtree[i][1]) + 1);
-               sprintf( subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, 
-                        kdcrights_subtree[i][1]);
+               subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) +
+                                                strlen(serviceobjdn) +
+                                                strlen(kdcrights_subtree[i][1]) + 1);
+               sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                       kdcrights_subtree[i][1]);
                subtreeclass.mod_values = subtreeacls;
-               
+
                subtreearr[0] = &subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
@@ -497,22 +497,22 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(subtreeacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(subtreeacls[0]);
            }
        } else if (servicetype == LDAP_ADMIN_SERVICE) {
            for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
-               subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) 
-                                                + strlen(serviceobjdn) 
+               subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0])
+                                                + strlen(serviceobjdn)
                                                 + strlen(adminrights_subtree[i][1]) + 1);
-               sprintf( subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, 
-                        adminrights_subtree[i][1]);
+               sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+                       adminrights_subtree[i][1]);
                subtreeclass.mod_values = subtreeacls;
-               
+
                subtreearr[0] = &subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
@@ -520,22 +520,22 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st !=LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(subtreeacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(subtreeacls[0]);
            }
        } else if (servicetype == LDAP_PASSWD_SERVICE) {
            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-               subtreeacls[0] = (char *)malloc( strlen(pwdrights_subtree[i][0]) 
-                                                + strlen(serviceobjdn) 
-                                                + strlen(pwdrights_subtree[i][1]) + 1);
-               sprintf( subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, 
-                        pwdrights_subtree[i][1]);
+               subtreeacls[0] = (char *)malloc(strlen(pwdrights_subtree[i][0])
+                                               + strlen(serviceobjdn)
+                                               + strlen(pwdrights_subtree[i][1]) + 1);
+               sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+                       pwdrights_subtree[i][1]);
                subtreeclass.mod_values = subtreeacls;
-               
+
                subtreearr[0] = &subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
@@ -543,7 +543,7 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
                    free(subtreeacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(subtreeacls[0]);
@@ -551,13 +551,13 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
        }
     } /* Subtree rights settings ends here */
     st = 0;
-    
- cleanup:
-    
-    if(realmdn)
+
+cleanup:
+
+    if (realmdn)
        free(realmdn);
 
-    if(subtree)
+    if (subtree)
        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -565,20 +565,20 @@ krb5_ldap_add_service_rights( context, servicetype, serviceobjdn, realmname, sub
 }
 
 
-/* 
-   This will set the rights for the Kerberos service objects.
-   The function will read the subtree attribute from the specified
-   realm name and will the appropriate rights on both the realm
-   container and the subtree. The kerberos context passed should 
-   have a valid ldap handle, with appropriate rights to write acl
-   attributes. 
-   
-   krb5_context - IN The Kerberos context with valid ldap handle
+/*
+  This will set the rights for the Kerberos service objects.
+  The function will read the subtree attribute from the specified
+  realm name and will the appropriate rights on both the realm
+  container and the subtree. The kerberos context passed should
+  have a valid ldap handle, with appropriate rights to write acl
+  attributes.
+
+  krb5_context - IN The Kerberos context with valid ldap handle
 
 */
 
 krb5_error_code
-krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname, subtreeparam, mask)
+krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, mask)
     krb5_context       context;
     int             servicetype;
     char            *serviceobjdn;
@@ -597,50 +597,50 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
     kdb5_dal_handle        *dal_handle=NULL;
     krb5_ldap_context *ldap_context=NULL;
     krb5_ldap_server_handle *ldap_server_handle=NULL;
-    
+
     SETUP_CONTEXT();
     GET_HANDLE();
 
-    if((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4) 
-       || (ldap_context->krbcontainer->DN == NULL) ) {
+    if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
+       || (ldap_context->krbcontainer->DN == NULL)) {
        st=-1;
        goto cleanup;
     }
 
     /* If the subtree is null, set the value to root */
-    if(subtreeparam== NULL)
+    if (subtreeparam== NULL)
        subtree=strdup("");
     else
        subtree=strdup(subtreeparam);
-    
-    if( subtree == NULL ) {
+
+    if (subtree == NULL) {
        st = ENOMEM;
        goto cleanup;
     }
 
 
     /* Set the rights for the realm */
-    if( mask & LDAP_REALM_RIGHTS ) {
-               
+    if (mask & LDAP_REALM_RIGHTS) {
+
        /* Construct the realm dn from realm name */
-       realmdn = (char *) malloc( strlen("cn=") + strlen(realmname) + 
-                                  strlen(ldap_context->krbcontainer->DN) + 2 );
+       realmdn = (char *) malloc(strlen("cn=") + strlen(realmname) +
+                                 strlen(ldap_context->krbcontainer->DN) + 2);
        sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
 
        realmclass.mod_op=LDAP_MOD_DELETE;
        realmclass.mod_type="ACL";
-       
+
        if (servicetype == LDAP_KDC_SERVICE) {
            for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-               realmacls[0] = (char *) malloc(strlen(kdcrights_realmcontainer[i][0]) 
-                                              + strlen(serviceobjdn) + 
+               realmacls[0] = (char *) malloc(strlen(kdcrights_realmcontainer[i][0])
+                                              + strlen(serviceobjdn) +
                                               strlen(kdcrights_realmcontainer[i][1]) + 1);
-               sprintf( realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, 
-                        kdcrights_realmcontainer[i][1]);
+               sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+                       kdcrights_realmcontainer[i][1]);
                realmclass.mod_values= realmacls;
-               
+
                realmarr[0]=&realmclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -648,22 +648,22 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
                    free(realmacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(realmacls[0]);
            }
        } else if (servicetype == LDAP_ADMIN_SERVICE) {
            for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-               realmacls[0] = (char *) malloc( strlen(adminrights_realmcontainer[i][0]) + 
-                                            strlen(serviceobjdn) + 
-                                            strlen(adminrights_realmcontainer[i][1]) + 1);
-               sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, 
+               realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) +
+                                              strlen(serviceobjdn) +
+                                              strlen(adminrights_realmcontainer[i][1]) + 1);
+               sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
                        adminrights_realmcontainer[i][1]);
                realmclass.mod_values= realmacls;
-               
+
                realmarr[0]=&realmclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -671,22 +671,22 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
                                       NULL);
                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
                    free(realmacls[0]);
-                    st = set_ldap_error (context, st, OP_MOD);
+                   st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(realmacls[0]);
            }
        } else if (servicetype == LDAP_PASSWD_SERVICE) {
            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
-               realmacls[0]=(char *)malloc( strlen(pwdrights_realmcontainer[i][0]) 
-                                            + strlen(serviceobjdn) 
-                                            + strlen(pwdrights_realmcontainer[i][1]) + 1);
-               sprintf( realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, 
-                        pwdrights_realmcontainer[i][1]);
+               realmacls[0]=(char *)malloc(strlen(pwdrights_realmcontainer[i][0])
+                                           + strlen(serviceobjdn)
+                                           + strlen(pwdrights_realmcontainer[i][1]) + 1);
+               sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                       pwdrights_realmcontainer[i][1]);
                realmclass.mod_values= realmacls;
-               
+
                realmarr[0]=&realmclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       realmdn,
                                       realmarr,
@@ -700,9 +700,9 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
                free(realmacls[0]);
            }
        }
-       
+
     } /* Realm rights setting ends here */
-    
+
 
     /* Set the rights for the subtree */
     if (mask & LDAP_SUBTREE_RIGHTS) {
@@ -710,18 +710,18 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
        /* Populate the acl data to be added to the subtree */
        subtreeclass.mod_op=LDAP_MOD_DELETE;
        subtreeclass.mod_type="ACL";
-       
-       if(servicetype == LDAP_KDC_SERVICE){
+
+       if (servicetype == LDAP_KDC_SERVICE) {
            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-               subtreeacls[0] = (char *) malloc( strlen(kdcrights_subtree[i][0]) 
-                                                 + strlen(serviceobjdn) 
-                                                 + strlen(kdcrights_subtree[i][1]) + 1);
-               sprintf( subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, 
-                        kdcrights_subtree[i][1]);
+               subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0])
+                                                + strlen(serviceobjdn)
+                                                + strlen(kdcrights_subtree[i][1]) + 1);
+               sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                       kdcrights_subtree[i][1]);
                subtreeclass.mod_values= subtreeacls;
-               
+
                subtreearr[0]=&subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
@@ -736,39 +736,38 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
            }
        } else if (servicetype == LDAP_ADMIN_SERVICE) {
            for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
-               subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) 
-                                              + strlen(serviceobjdn) 
-                                              + strlen(adminrights_subtree[i][1]) + 1);
-               sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, 
+               subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0])
+                                                + strlen(serviceobjdn)
+                                                + strlen(adminrights_subtree[i][1]) + 1);
+               sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
                        adminrights_subtree[i][1]);
                subtreeclass.mod_values= subtreeacls;
-               
+
                subtreearr[0]=&subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
                                       NULL,
                                       NULL);
-               if ( st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+               if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
                    free(subtreeacls[0]);
                    st = set_ldap_error (context, st, OP_MOD);
                    goto cleanup;
                }
                free(subtreeacls[0]);
            }
-       }
-       else if (servicetype == LDAP_PASSWD_SERVICE) {
+       } else if (servicetype == LDAP_PASSWD_SERVICE) {
            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-               subtreeacls[0] = (char *) malloc(strlen(pwdrights_subtree[i][0]) 
-                                                + strlen(serviceobjdn) 
+               subtreeacls[0] = (char *) malloc(strlen(pwdrights_subtree[i][0])
+                                                + strlen(serviceobjdn)
                                                 + strlen(pwdrights_subtree[i][1]) + 1);
-               sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, 
+               sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
                        pwdrights_subtree[i][1]);
                subtreeclass.mod_values= subtreeacls;
-               
+
                subtreearr[0]=&subtreeclass;
-               
+
                st = ldap_modify_ext_s(ld,
                                       subtree,
                                       subtreearr,
@@ -783,15 +782,15 @@ krb5_ldap_delete_service_rights( context, servicetype, serviceobjdn, realmname,
            }
        }
     } /* Subtree rights setting ends here */
-    
+
     st = 0;
 
- cleanup:
-       
-    if(realmdn)
+cleanup:
+
+    if (realmdn)
        free(realmdn);
 
-    if(subtree)
+    if (subtree)
        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
index 702f548c503f1a3bf3b68c16d1fe13177c66faa4..7c9dbad1b00fbe0a454f374834b0e0346b218191 100644 (file)
@@ -48,7 +48,7 @@ krb5_ldap_readpassword(context, ldap_context, password)
     *password = NULL;
 
     if (ldap_context->service_password_file)
-        file = ldap_context->service_password_file;
+       file = ldap_context->service_password_file;
 
 #ifndef HAVE_STRERROR_R
 # undef strerror_r
@@ -57,133 +57,133 @@ krb5_ldap_readpassword(context, ldap_context, password)
 
     /* check whether file exists */
     if (access(file, F_OK) < 0) {
-        st = errno;
+       st = errno;
        strerror_r(errno, errbuf, sizeof(errbuf));
-        krb5_set_error_message (context, st, "%s", errbuf);
-        goto rp_exit;
+       krb5_set_error_message (context, st, "%s", errbuf);
+       goto rp_exit;
     }
 
     /* check read access */
     if (access(file, R_OK) < 0) {
-        st = errno;
+       st = errno;
        strerror_r(errno, errbuf, sizeof(errbuf));
-        krb5_set_error_message (context, st, "%s", errbuf);
-        goto rp_exit;
+       krb5_set_error_message (context, st, "%s", errbuf);
+       goto rp_exit;
     }
 
-    if((fptr=fopen(file, "r")) == NULL) {
-        st = errno;
+    if ((fptr=fopen(file, "r")) == NULL) {
+       st = errno;
        strerror_r(errno, errbuf, sizeof(errbuf));
-        krb5_set_error_message (context, st, "%s", errbuf);
-        goto rp_exit;
+       krb5_set_error_message (context, st, "%s", errbuf);
+       goto rp_exit;
     }
-    
+
     /* get the record from the file */
-    while(fgets(line, RECORDLEN, fptr)!= NULL) {
-        char tmp[RECORDLEN];
+    while (fgets(line, RECORDLEN, fptr)!= NULL) {
+       char tmp[RECORDLEN];
 
-        tmp[0] = '\0';
-        /* Handle leading white-spaces */
-        for(start = line; isspace(*start); ++start);
+       tmp[0] = '\0';
+       /* Handle leading white-spaces */
+       for (start = line; isspace(*start); ++start);
 
-        /* Handle comment lines */
-        if (*start == '!' || *start == '#')
-            continue;
-        sscanf(line, "%*[ \t]%[^#]", tmp);
-        if(tmp[0] == '\0')
-            sscanf(line, "%[^#]", tmp);
-        if(strcasecmp(tmp, ldap_context->bind_dn) == 0) {
-            entryfound = 1; /* service_dn record found !!! */
-            break;
-        }
+       /* Handle comment lines */
+       if (*start == '!' || *start == '#')
+           continue;
+       sscanf(line, "%*[ \t]%[^#]", tmp);
+       if (tmp[0] == '\0')
+           sscanf(line, "%[^#]", tmp);
+       if (strcasecmp(tmp, ldap_context->bind_dn) == 0) {
+           entryfound = 1; /* service_dn record found !!! */
+           break;
+       }
     }
     fclose (fptr);
 
     if (entryfound == 0)  {
        st = KRB5_KDB_SERVER_INTERNAL_ERR;
        krb5_set_error_message (context, st, "Bind DN entry missing in stash file");
-        goto rp_exit;
+       goto rp_exit;
     }
     /* replace the \n with \0 */
     start = strchr(line, '\n');
     if (start)
-        *start = '\0';
+       *start = '\0';
 
     start = strchr(line, '#');
-    if (start == NULL ) {
-        /* password field missing */
+    if (start == NULL) {
+       /* password field missing */
        st = KRB5_KDB_SERVER_INTERNAL_ERR;
-        krb5_set_error_message (context, st, "Stash file entry corrupt");
-        goto rp_exit;
+       krb5_set_error_message (context, st, "Stash file entry corrupt");
+       goto rp_exit;
     }
     ++ start;
     /* Extract the plain password / certificate file information */
     {
-        struct data PT, CT;
+       struct data PT, CT;
 
-        /* Check if the entry has the path of a certificate */
-        if(!strncmp(start, "{FILE}", strlen("{FILE}"))) {
+       /* Check if the entry has the path of a certificate */
+       if (!strncmp(start, "{FILE}", strlen("{FILE}"))) {
            /* Set *password = {FILE}<path to cert>\0<cert password> */
-            /*ptr = strchr(start, ':');
-             if(ptr == NULL){ */
+           /*ptr = strchr(start, ':');
+             if (ptr == NULL) { */
            *password = (unsigned char *)malloc(strlen(start) + 2);
            (*password)[strlen(start) + 1] = '\0';
            (*password)[strlen(start)] = '\0';
            strcpy((char *)(*password), start);
            goto got_password;
-        } else {
+       } else {
            CT.value = (unsigned char *)start;
            CT.len = strlen((char *)CT.value);
            st = dec_password(CT, &PT);
-           if(st != 0){
-                switch (st) {
-                    case ERR_NO_MEM:
-                        st = ENOMEM;
-                        break;
-                    case ERR_PWD_ZERO:
-                        st = EINVAL;
-                        krb5_set_error_message(context, st, "Password has zero length");
-                        break;
-                    case ERR_PWD_BAD:
-                        st = EINVAL;
-                        krb5_set_error_message(context, st, "Password corrupted");
-                        break;
-                    case ERR_PWD_NOT_HEX:
-                        st = EINVAL;
-                        krb5_set_error_message(context, st, "Not a hexadecimal password");
-                        break;
-                    default:
-                       st = KRB5_KDB_SERVER_INTERNAL_ERR;
-                        break;
-                }
+           if (st != 0) {
+               switch (st) {
+               case ERR_NO_MEM:
+                   st = ENOMEM;
+                   break;
+               case ERR_PWD_ZERO:
+                   st = EINVAL;
+                   krb5_set_error_message(context, st, "Password has zero length");
+                   break;
+               case ERR_PWD_BAD:
+                   st = EINVAL;
+                   krb5_set_error_message(context, st, "Password corrupted");
+                   break;
+               case ERR_PWD_NOT_HEX:
+                   st = EINVAL;
+                   krb5_set_error_message(context, st, "Not a hexadecimal password");
+                   break;
+               default:
+                   st = KRB5_KDB_SERVER_INTERNAL_ERR;
+                   break;
+               }
                goto rp_exit;
            }
            *password = PT.value;
-        }
+       }
     }
- got_password:
+got_password:
 
- rp_exit:
+rp_exit:
     if (st) {
-        if (*password)
-            free (*password);
-        *password = NULL;
+       if (*password)
+           free (*password);
+       *password = NULL;
     }
     return st;
 }
 
 /* Encodes a sequence of bytes in hexadecimal */
 
-int 
+int
 tohex(in, ret)
-     krb5_data         in;
-     krb5_data         *ret;
+    krb5_data         in;
+    krb5_data         *ret;
 {
     int                i=0, j=0, err = 0;
-    
+
     ret->length = 0;
     ret->data = NULL;
-    
+
     ret->data = (unsigned char *)malloc((unsigned int)in.length * 2 + 1 /*Null termination */);
     if (ret->data == NULL) {
        err = ENOMEM;
@@ -191,19 +191,19 @@ tohex(in, ret)
     }
     ret->length = in.length * 2;
     ret->data[ret->length] = 0;
-    
+
     for (i = 0, j = 0; i < in.length; i++, j += 2) {
        sprintf((char *)ret->data + j, "%x", in.data[i] >> 4);
        sprintf((char *)ret->data + j + 1, "%x", in.data[i] & 0xf);
     }
-    
- cleanup:
-    
+
+cleanup:
+
     if (ret->length == 0) {
        free(ret->data);
        ret->data = NULL;
     }
-    
+
     return err;
 }
 
@@ -219,31 +219,31 @@ tohex(in, ret)
  * ERR_PWD_NOT_HEX - Not a hexadecimal password
  */
 
-int dec_password(struct data pwd, struct data *ret){
+int dec_password(struct data pwd, struct data *ret) {
     int err=0;
     int i=0, j=0;
-    
+
     ret->len = 0;
     ret->value = NULL;
-    
+
     if (pwd.len == 0) {
-        err = ERR_PWD_ZERO;
-        ret->len = 0;
-        goto cleanup;
+       err = ERR_PWD_ZERO;
+       ret->len = 0;
+       goto cleanup;
     }
-    
+
     /* Check if it is a hexadecimal encoded password */
-    if (pwd.len >= strlen("{HEX}") && 
+    if (pwd.len >= strlen("{HEX}") &&
        strncmp((char *)pwd.value, "{HEX}", strlen("{HEX}")) == 0) {
-       
-       if((pwd.len - strlen("{HEX}")) % 2 != 0){
+
+       if ((pwd.len - strlen("{HEX}")) % 2 != 0) {
            /* A hexadecimal encoded password should have even length */
-            err = ERR_PWD_BAD;
+           err = ERR_PWD_BAD;
            ret->len = 0;
            goto cleanup;
        }
        ret->value = (unsigned char *)malloc((pwd.len - strlen("{HEX}")) / 2 + 1);
-       if(ret->value == NULL){
+       if (ret->value == NULL) {
            err = ERR_NO_MEM;
            ret->len = 0;
            goto cleanup;
@@ -254,26 +254,25 @@ int dec_password(struct data pwd, struct data *ret){
            int k;
            /* Check if it is a hexadecimal number */
            if (isxdigit(pwd.value[i]) == 0 || isxdigit(pwd.value[i + 1]) == 0) {
-                err = ERR_PWD_NOT_HEX;
-                ret->len = 0;
-                goto cleanup;
+               err = ERR_PWD_NOT_HEX;
+               ret->len = 0;
+               goto cleanup;
            }
            sscanf((char *)pwd.value + i, "%2x", &k);
            ret->value[j] = k;
        }
        goto cleanup;
     } else {
-        err = ERR_PWD_NOT_HEX;
-        ret->len = 0;
-        goto cleanup;
+       err = ERR_PWD_NOT_HEX;
+       ret->len = 0;
+       goto cleanup;
     }
-    
- cleanup:
-       
-    if(ret->len == 0) {
+
+cleanup:
+
+    if (ret->len == 0) {
        free(ret->value);
        ret->value = NULL;
     }
     return(err);
 }
-
index fa1bdd7b37b4ae5abc4251038faa6b1618bb431f..4fde33037ea66bbd96adc97218899526137bb2d0 100644 (file)
@@ -47,7 +47,7 @@ krb5_ldap_create_service(context, service, mask)
     krb5_ldap_service_params    *service;
     int                         mask;
 {
-    int                         i=0, j=0; 
+    int                         i=0, j=0;
     krb5_error_code             st=0;
     LDAP                        *ld=NULL;
     char                        **rdns=NULL, *realmattr=NULL, *strval[3]={NULL};
@@ -74,7 +74,7 @@ krb5_ldap_create_service(context, service, mask)
        strval[1] = "krbKdcService";
        realmattr = "krbKdcServers";
     } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
-       strval[1] = "krbAdmService";  
+       strval[1] = "krbAdmService";
        realmattr = "krbAdmServers";
     } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
        strval[1] = "krbPwdService";
@@ -84,21 +84,21 @@ krb5_ldap_create_service(context, service, mask)
        realmattr = "krbKdcServers";
     }
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-      goto cleanup;
-  
+       goto cleanup;
+
     rdns = ldap_explode_dn(service->servicedn, 1);
     if (rdns == NULL) {
-      st = LDAP_INVALID_DN_SYNTAX;
-      goto cleanup;
+       st = LDAP_INVALID_DN_SYNTAX;
+       goto cleanup;
     }
     memset(strval, 0, sizeof(strval));
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-      goto cleanup;
-    
+       goto cleanup;
+
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
-                                          service->krbserviceflags)) != 0)
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
+                                         service->krbserviceflags)) != 0)
            goto cleanup;
     }
 
@@ -110,17 +110,17 @@ krb5_ldap_create_service(context, service, mask)
        } else {
            st = EINVAL;
            krb5_set_error_message (context, st, "'krbhostserver' argument invalid");
-            goto cleanup;
+           goto cleanup;
        }
     }
-  
+
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
        if (service->krbrealmreferences != NULL) {
            unsigned int realmmask=0;
-           
+
            /* check for the validity of the values */
            for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
-               st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass", 
+               st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
                                         realmcontclass, &realmmask);
                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
            }
@@ -128,40 +128,40 @@ krb5_ldap_create_service(context, service, mask)
                                              service->krbrealmreferences)) != 0)
                goto cleanup;
        } else {
-            st = EINVAL;
+           st = EINVAL;
            krb5_set_error_message (context, st, "Server has no 'krbrealmreferences'");
-            goto cleanup;
+           goto cleanup;
        }
     }
-  
+
     /* ldap add operation */
     if ((st=ldap_add_s(ld, service->servicedn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_ADD);
+       st = set_ldap_error (context, st, OP_ADD);
        goto cleanup;
     }
-  
-    /* 
+
+    /*
      * If the service created has realm/s associated with it, then the realm should be updated
      * to have a reference to the service object just created.
      */
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
        for (i=0; service->krbrealmreferences[i]; ++i) {
-           if((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr, 
-                                  service->servicedn)) != 0) {
+           if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
+                                   service->servicedn)) != 0) {
                sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ",
                         service->krbrealmreferences[i]);
-                prepend_err_str (context, errbuf, st, st);
+               prepend_err_str (context, errbuf, st, st);
                /* delete service object, status ignored intentionally */
                ldap_delete_s(ld, service->servicedn);
                goto cleanup;
            }
        }
     }
-    
- cleanup:
+
+cleanup:
 
     if (rdns)
-      ldap_value_free (rdns);
+       ldap_value_free (rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -193,69 +193,69 @@ krb5_ldap_modify_service(context, service, mask)
 
     /* validate the input parameter */
     if (service == NULL || service->servicedn == NULL) {
-        st = EINVAL;
+       st = EINVAL;
        krb5_set_error_message (context, st, "Service DN is NULL");
-        goto cleanup;
+       goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
-                                          service->krbserviceflags)) != 0)
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
+                                         service->krbserviceflags)) != 0)
            goto cleanup;
     }
 
     if (mask & LDAP_SERVICE_HOSTSERVER) {
        if (service->krbhostservers != NULL) {
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
-                                              service->krbhostservers)) != 0)
-                goto cleanup;
+                                             service->krbhostservers)) != 0)
+               goto cleanup;
        } else {
-            st = EINVAL;
+           st = EINVAL;
            krb5_set_error_message (context, st, "'krbhostserver' value invalid");
-            goto cleanup;
+           goto cleanup;
        }
     }
-  
+
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
        if (service->krbrealmreferences != NULL) {
            unsigned int realmmask=0;
-           
+
            /* check for the validity of the values */
            for (j=0; service->krbrealmreferences[j]; ++j) {
-                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
-                                         realmcontclass, &realmmask);
+               st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
+                                        realmcontclass, &realmmask);
                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
            }
-            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
-                                              service->krbrealmreferences)) != 0)
-                goto cleanup;
-           
-           
+           if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
+                                             service->krbrealmreferences)) != 0)
+               goto cleanup;
+
+
            /* get the attribute of the realm to be set */
            if (service->servicetype == LDAP_KDC_SERVICE)
                realmattr = "krbKdcServers";
            else if (service->servicetype == LDAP_ADMIN_SERVICE)
-               realmattr = "krbAdmservers";  
+               realmattr = "krbAdmservers";
            else if (service->servicetype == LDAP_PASSWD_SERVICE)
                realmattr = "krbPwdServers";
            else
                realmattr = "krbKdcServers";
-           
+
            /* read the existing list of krbRealmreferences. this will needed  */
-           if ((st = ldap_search_s (ld, 
-                                    service->servicedn, 
+           if ((st = ldap_search_s (ld,
+                                    service->servicedn,
                                     LDAP_SCOPE_BASE,
                                     0,
                                     attr,
                                     0,
                                     &result)) != LDAP_SUCCESS) {
-                st = set_ldap_error (context, st, OP_SEARCH);
+               st = set_ldap_error (context, st, OP_SEARCH);
                goto cleanup;
            }
-           
+
            ent = ldap_first_entry(ld, result);
            if (ent) {
                if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
@@ -267,20 +267,20 @@ krb5_ldap_modify_service(context, service, mask)
            }
            ldap_msgfree(result);
        } else {
-            st = EINVAL;
+           st = EINVAL;
            krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
-            goto cleanup;
+           goto cleanup;
        }
     }
-           
+
     /* ldap modify operation */
     if ((st=ldap_modify_s(ld, service->servicedn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_MOD);
+       st = set_ldap_error (context, st, OP_MOD);
        goto cleanup;
     }
-    
-    /* 
-     * If the service modified had realm/s associations changed, then the realm should be 
+
+    /*
+     * If the service modified had realm/s associations changed, then the realm should be
      * updated to reflect the changes.
      */
 
@@ -288,44 +288,42 @@ krb5_ldap_modify_service(context, service, mask)
        /* get the count of the new list of krbrealmreferences */
        for (i=0; service->krbrealmreferences[i]; ++i)
            ;
-       
+
        /* make a new copy of the krbrealmreferences */
        if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
            goto cleanup;
-       
+
        /* find the deletions/additions to the list of krbrealmreferences */
        if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
            goto cleanup;
 
-        /* see if some of the attributes have to be deleted */
+       /* see if some of the attributes have to be deleted */
        if (oldrealmrefs) {
-           
+
            /* update the dn represented by the attribute that is to be deleted */
-           for (i=0; oldrealmrefs[i]; ++i) 
-               if((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0)
-               {
+           for (i=0; oldrealmrefs[i]; ++i)
+               if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
                    prepend_err_str (context, "Error deleting realm attribute:", st, st);
-                    goto cleanup;
+                   goto cleanup;
                }
        }
-       
-        /* see if some of the attributes have to be added */
-       for (i=0; newrealmrefs[i]; ++i) 
-           if((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0)
-           {
+
+       /* see if some of the attributes have to be added */
+       for (i=0; newrealmrefs[i]; ++i)
+           if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
                prepend_err_str (context, "Error updating realm attribute: ", st, st);
                goto cleanup;
            }
     }
-  
- cleanup:
+
+cleanup:
 
     if (oldrealmrefs) {
        for (i=0; oldrealmrefs[i]; ++i)
            free (oldrealmrefs[i]);
        free (oldrealmrefs);
     }
-  
+
     if (newrealmrefs) {
        for (i=0; newrealmrefs[i]; ++i)
            free (newrealmrefs[i]);
@@ -352,10 +350,10 @@ krb5_ldap_delete_service(context, service, servicedn)
 
     SETUP_CONTEXT();
     GET_HANDLE();
-    
+
     st = ldap_delete_s(ld, servicedn);
     if (st != 0) {
-        st = set_ldap_error (context, st, OP_DEL);
+       st = set_ldap_error (context, st, OP_DEL);
     }
 
     /* NOTE: This should be removed now as the backlinks are going off in OpenLDAP */
@@ -364,16 +362,16 @@ krb5_ldap_delete_service(context, service, servicedn)
     {
        int                         i=0;
        char                        *attr=NULL;
-       
+
        if (service) {
            if (service->krbrealmreferences) {
                if (service->servicetype == LDAP_KDC_SERVICE)
-                   attr = "krbkdcservers"; 
+                   attr = "krbkdcservers";
                else if (service->servicetype == LDAP_ADMIN_SERVICE)
                    attr = "krbadmservers";
                else if (service->servicetype == LDAP_PASSWD_SERVICE)
                    attr = "krbpwdservers";
-               
+
                for (i=0; service->krbrealmreferences[i]; ++i) {
                    deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
                }
@@ -382,7 +380,7 @@ krb5_ldap_delete_service(context, service, servicedn)
     }
 #endif
 
- cleanup:
+cleanup:
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -415,8 +413,8 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     char                        **values=NULL;
     int                         i=0, count=0, objectmask=0;
     krb5_error_code             st=0, tempst=0;
-    LDAPMessage                 *result=NULL,*ent=NULL;  
-    char                        *attributes[] = {"krbHostServer", "krbServiceflags", 
+    LDAPMessage                 *result=NULL,*ent=NULL;
+    char                        *attributes[] = {"krbHostServer", "krbServiceflags",
                                                 "krbRealmReferences", "objectclass", NULL};
     char                        *attrvalues[] = {"krbService", NULL};
     krb5_ldap_service_params    *lservice=NULL;
@@ -424,23 +422,23 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
     LDAP                        *ld = NULL;
-    
+
     /* validate the input parameter */
     if (servicedn == NULL) {
        st = EINVAL;
        krb5_set_error_message (context, st, "Service DN NULL");
        goto cleanup;
     }
-    
+
     SETUP_CONTEXT();
     GET_HANDLE();
 
     *omask = 0;
-    
+
     /* the policydn object should be of the krbService object class */
     st = checkattributevalue(ld, servicedn, "objectClass", attrvalues, &objectmask);
     CHECK_CLASS_VALIDITY(st, objectmask, "service object value: ");
-    
+
     /* Initialize service structure */
     lservice =(krb5_ldap_service_params *) calloc(1, sizeof(krb5_ldap_service_params));
     if (lservice == NULL) {
@@ -455,30 +453,30 @@ krb5_ldap_read_service(context, servicedn, service, omask)
        goto cleanup;
     }
     lservice->tl_data->tl_data_type = KDB_TL_USER_INFO;
-    
+
     LDAP_SEARCH(servicedn, LDAP_SCOPE_BASE, "(objectclass=krbService)", attributes);
 
     lservice->servicedn = strdup(servicedn);
     CHECK_NULL(lservice->servicedn);
 
-    ent=ldap_first_entry(ld, result); 
+    ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
 
-       if((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
            lservice->krbserviceflags = atoi(values[0]);
            *omask |= LDAP_SERVICE_SERVICEFLAG;
            ldap_value_free(values);
-       }  
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
            count = ldap_count_values(values);
            if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
                goto cleanup;
            *omask |= LDAP_SERVICE_HOSTSERVER;
            ldap_value_free(values);
-       } 
+       }
 
-       if((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
+       if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
            count = ldap_count_values(values);
            if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
                goto cleanup;
@@ -486,17 +484,17 @@ krb5_ldap_read_service(context, servicedn, service, omask)
            ldap_value_free(values);
        }
 
-       if((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
-           for (i=0; values[i]; ++i){
+       if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
+           for (i=0; values[i]; ++i) {
                if (strcasecmp(values[i], "krbKdcService") == 0) {
                    lservice->servicetype = LDAP_KDC_SERVICE;
                    break;
-               } 
+               }
 
                if (strcasecmp(values[i], "krbAdmService") == 0) {
                    lservice->servicetype = LDAP_ADMIN_SERVICE;
                    break;
-               } 
+               }
 
                if (strcasecmp(values[i], "krbPwdService") == 0) {
                    lservice->servicetype = LDAP_PASSWD_SERVICE;
@@ -507,9 +505,9 @@ krb5_ldap_read_service(context, servicedn, service, omask)
        }
     }
     ldap_msgfree(result);
-  
- cleanup:
-    if(st != 0) {
+
+cleanup:
+    if (st != 0) {
        krb5_ldap_free_service(context, lservice);
        *service = NULL;
     } else {
@@ -524,7 +522,7 @@ krb5_ldap_read_service(context, servicedn, service, omask)
 /*
  * This function frees the krb5_ldap_service_params structure members.
  */
+
 krb5_error_code
 krb5_ldap_free_service(context, service)
     krb5_context                context;
@@ -549,13 +547,13 @@ krb5_ldap_free_service(context, service)
            free (service->krbhostservers[i]);
        free (service->krbhostservers);
     }
-  
+
     if (service->tl_data) {
        if (service->tl_data->tl_data_contents)
            free (service->tl_data->tl_data_contents);
        free (service->tl_data);
     }
-    
+
     free (service);
     return 0;
 }
@@ -581,13 +579,13 @@ krb5_ldap_set_service_passwd(context, service, passwd)
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0)
        goto cleanup;
-    
+
     st = ldap_modify_s(ld, service, mods);
     if (st) {
-        st = set_ldap_error (context, st, OP_MOD);
+       st = set_ldap_error (context, st, OP_MOD);
     }
 
- cleanup:
+cleanup:
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
index f5948786fea46a7f864c0312dfa089d812393945..78601e5b9f26527ced67e6faac927fe229b4eb04 100644 (file)
 
 /* Ticket policy object management */
 
-/* 
-* This function changes the value of policyreference count for a particular ticket policy. if flag is 1 it will increment else it will reduce by one
-*/
+/*
+ * This function changes the value of policyreference count for a
+ * particular ticket policy.  If flag is 1 it will increment else it
+ * will reduce by one.
+ */
 
 krb5_error_code
 krb5_ldap_change_count(context ,policydn ,flag)
-       krb5_context                context;
-       char                        *policydn;
-       int                         flag;
+    krb5_context                context;
+    char                        *policydn;
+    int                         flag;
 {
 
-       krb5_error_code             st=0;
-       int                         objectmask=0;
-       LDAP                        *ld=NULL;
-       char                        *attrvalues[] = { "krbPolicy", NULL};
-       kdb5_dal_handle             *dal_handle=NULL;
-       krb5_ldap_context           *ldap_context=NULL;
-       krb5_ldap_server_handle     *ldap_server_handle=NULL;
-       krb5_ldap_policy_params     *policyparams=NULL;
-       int mask = 0;
-
-       /* validate the input parameters */
-       if (policydn == NULL) {
-               st = EINVAL;
-               prepend_err_str(context,"Ticket Policy Object information missing",st,st);
-               goto cleanup;
-       }
+    krb5_error_code             st=0;
+    int                         objectmask=0;
+    LDAP                        *ld=NULL;
+    char                        *attrvalues[] = { "krbPolicy", NULL};
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
+    krb5_ldap_policy_params     *policyparams=NULL;
+    int mask = 0;
+
+    /* validate the input parameters */
+    if (policydn == NULL) {
+       st = EINVAL;
+       prepend_err_str(context,"Ticket Policy Object information missing",st,st);
+       goto cleanup;
+    }
 
-       SETUP_CONTEXT();
-       GET_HANDLE();
+    SETUP_CONTEXT();
+    GET_HANDLE();
 
-       /* the policydn object should be of the krbPolicy object class */
-       st = checkattributevalue(ld, policydn, "objectClass", attrvalues, &objectmask);
-       CHECK_CLASS_VALIDITY(st, objectmask, "ticket policy object: ");
+    /* the policydn object should be of the krbPolicy object class */
+    st = checkattributevalue(ld, policydn, "objectClass", attrvalues, &objectmask);
+    CHECK_CLASS_VALIDITY(st, objectmask, "ticket policy object: ");
 
-       /* Initialize ticket policy structure */
+    /* Initialize ticket policy structure */
 
-        if ((st = krb5_ldap_read_policy(context, policydn, &policyparams, &mask)))
-               goto cleanup;
-       if(flag == 1){
-               /*Increment*/
-               policyparams->polrefcount +=1;
-       }
-       else{
-               /*Decrement*/
-               if(policyparams->polrefcount >0)
-               {
-                       policyparams->polrefcount-=1;
-               }
+    if ((st = krb5_ldap_read_policy(context, policydn, &policyparams, &mask)))
+       goto cleanup;
+    if (flag == 1) {
+       /*Increment*/
+       policyparams->polrefcount +=1;
+    } else{
+       /*Decrement*/
+       if (policyparams->polrefcount >0) {
+           policyparams->polrefcount-=1;
        }
-       mask |= LDAP_POLICY_COUNT;
+    }
+    mask |= LDAP_POLICY_COUNT;
 
-       if ((st = krb5_ldap_modify_policy(context, policyparams, mask)))
-               goto cleanup;
+    if ((st = krb5_ldap_modify_policy(context, policyparams, mask)))
+       goto cleanup;
 
 cleanup:
-       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
-       return st;
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
 }
 
 /*
@@ -114,7 +114,7 @@ krb5_ldap_create_policy(context, policy, mask)
 
     /* validate the input parameters */
     if (policy == NULL || policy->policydn==NULL) {
-        st = EINVAL;
+       st = EINVAL;
        krb5_set_error_message (context, st, "Ticket Policy Object DN missing");
        goto cleanup;
     }
@@ -127,12 +127,12 @@ krb5_ldap_create_policy(context, policy, mask)
        st = LDAP_INVALID_DN_SYNTAX;
        goto cleanup;
     }
-    
+
     memset(strval, 0, sizeof(strval));
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
        goto cleanup;
-    
+
     memset(strval, 0, sizeof(strval));
     strval[0] = "krbPolicy";
     strval[1] = "krbPolicyaux";
@@ -140,37 +140,37 @@ krb5_ldap_create_policy(context, policy, mask)
        goto cleanup;
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-       if((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD, 
-                                        policy->maxtktlife)) != 0)
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
+                                         policy->maxtktlife)) != 0)
            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD, 
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
                                          policy->maxrenewlife)) != 0)
            goto cleanup;
     }
-  
+
     if (mask & LDAP_POLICY_TKTFLAGS) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD, 
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
                                          policy->tktflags)) != 0)
            goto cleanup;
     }
     /*ticket policy reference count attribute added with value 0 */
 
     if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbPolicyRefCount", LDAP_MOD_ADD,
-                                    0)) != 0)
-            goto cleanup;
+                                     0)) != 0)
+       goto cleanup;
 
     /* ldap add operation */
     if ((st=ldap_add_s(ld, policy->policydn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_ADD);
+       st = set_ldap_error (context, st, OP_ADD);
        goto cleanup;
     }
-  
- cleanup:
+
+cleanup:
     if (rdns)
-      ldap_value_free(rdns);
+       ldap_value_free(rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -183,7 +183,7 @@ krb5_ldap_create_policy(context, policy, mask)
  */
 
 krb5_error_code
-krb5_ldap_modify_policy(context,  policy, mask)
+krb5_ldap_modify_policy(context, policy, mask)
     krb5_context               context;
     krb5_ldap_policy_params     *policy;
     int                         mask;
@@ -201,7 +201,7 @@ krb5_ldap_modify_policy(context,  policy, mask)
     if (policy == NULL || policy->policydn==NULL) {
        st = EINVAL;
        krb5_set_error_message (context, st, "Ticket Policy Object DN missing");
-        goto cleanup;
+       goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -210,7 +210,7 @@ krb5_ldap_modify_policy(context,  policy, mask)
     /* the policydn object should be of the krbPolicy object class */
     st = checkattributevalue(ld, policy->policydn, "objectClass", attrvalues, &objectmask);
     CHECK_CLASS_VALIDITY(st, objectmask, "ticket policy object: ");
-  
+
     if ((objectmask & 0x02) == 0) { /* add krbpolicyaux to the object class list */
        memset(strval, 0, sizeof(strval));
        strval[0] = "krbPolicyAux";
@@ -219,34 +219,34 @@ krb5_ldap_modify_policy(context,  policy, mask)
     }
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, 
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
                                          policy->maxtktlife)) != 0)
            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE, 
-                                 policy->maxrenewlife)) != 0)
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                         policy->maxrenewlife)) != 0)
            goto cleanup;
     }
-  
+
     if (mask & LDAP_POLICY_TKTFLAGS) {
-        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE, 
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
                                          policy->tktflags)) != 0)
            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_COUNT) {
-        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpolicyrefcount", LDAP_MOD_REPLACE, 
+       if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpolicyrefcount", LDAP_MOD_REPLACE,
                                          policy->polrefcount)) != 0)
            goto cleanup;
     }
     if ((st=ldap_modify_s(ld, policy->policydn, mods)) != LDAP_SUCCESS) {
-        st = set_ldap_error (context, st, OP_MOD);
+       st = set_ldap_error (context, st, OP_MOD);
        goto cleanup;
     }
-  
- cleanup:
+
+cleanup:
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -254,7 +254,7 @@ krb5_ldap_modify_policy(context,  policy, mask)
 
 
 /*
- * Read the policy object from the Directory and populate the krb5_ldap_policy_params 
+ * Read the policy object from the Directory and populate the krb5_ldap_policy_params
  * structure.
  */
 
@@ -268,19 +268,19 @@ krb5_ldap_read_policy(context, policydn, policy, omask)
     krb5_error_code             st=0, tempst=0;
     int                         objectmask=0;
     LDAP                        *ld=NULL;
-    LDAPMessage                 *result=NULL,*ent=NULL;  
+    LDAPMessage                 *result=NULL,*ent=NULL;
     char                        *attributes[] = { "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", "krbPolicyRefCount", NULL};
     char                        *attrvalues[] = { "krbPolicy", NULL};
     krb5_ldap_policy_params     *lpolicy=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
-    
+
     /* validate the input parameters */
     if (policydn == NULL  || policy == NULL) {
        st = EINVAL;
        krb5_set_error_message(context, st, "Ticket Policy Object information missing");
-        goto cleanup;
+       goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -305,18 +305,18 @@ krb5_ldap_read_policy(context, policydn, policy, omask)
     lpolicy->policydn = strdup(policydn);
     CHECK_NULL(lpolicy->policydn);
 
-    ent=ldap_first_entry(ld, result); 
+    ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
            *omask |= LDAP_POLICY_MAXTKTLIFE;
-       
+
        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
            *omask |= LDAP_POLICY_MAXRENEWLIFE;
 
        if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
-               *omask |= LDAP_POLICY_TKTFLAGS;
+           *omask |= LDAP_POLICY_TKTFLAGS;
        if (krb5_ldap_get_value(ld, ent, "krbPolicyRefCount", (int *) &(lpolicy->polrefcount)) == 0)
-               *omask |= LDAP_POLICY_COUNT;
+           *omask |= LDAP_POLICY_COUNT;
 
     }
     ldap_msgfree(result);
@@ -325,26 +325,29 @@ krb5_ldap_read_policy(context, policydn, policy, omask)
     store_tl_data(lpolicy->tl_data, KDB_TL_MASK, omask);
     *policy = lpolicy;
 
- cleanup:
+cleanup:
     if (st != 0) {
        krb5_ldap_free_policy(context, lpolicy);
        *policy = NULL;
-    } 
+    }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
 
 
-/* 
- * function to delete ticket policy object from the directory. Before calling this function krb5_ldap_read_policy
- * should be called to check the existence of the object. This serves one major purpose, i.e. if the object to be 
- * is anything other than the ticket policy object then the krb5_ldap_read_policy returns an error and thus is not
- * accidently deleted in this function.
+/*
+ * Function to delete ticket policy object from the directory.  Before
+ * calling this function krb5_ldap_read_policy should be called to
+ * check the existence of the object.  This serves one major purpose,
+ * i.e., if the object to be is anything other than the ticket policy
+ * object then the krb5_ldap_read_policy returns an error and thus is
+ * not accidently deleted in this function.
  *
- * NOTE: Other kerberos objects (user/realm object) might be having references to the 
- * policy object to be deleted. This situation is not handled here, instead is taken care 
- * of at all the places where the deleted policy object is read, to ignore a return status 
- * of LDAP_NO_SUCH_OBJECT and continue. 
+ * NOTE: Other kerberos objects (user/realm object) might be having
+ * references to the policy object to be deleted. This situation is
+ * not handled here, instead is taken care of at all the places where
+ * the deleted policy object is read, to ignore a return status of
+ * LDAP_NO_SUCH_OBJECT and continue.
  */
 
 krb5_error_code
@@ -354,43 +357,42 @@ krb5_ldap_delete_policy(context, policydn, policy, mask)
     krb5_ldap_policy_params                    *policy;
     int                        mask;
 {
-       krb5_error_code             st = 0;
-       LDAP                        *ld = NULL;
-       kdb5_dal_handle             *dal_handle=NULL;
-       krb5_ldap_context           *ldap_context=NULL;
-       krb5_ldap_server_handle     *ldap_server_handle=NULL;
-
-       if (policy == NULL || policydn==NULL) {
-               st = EINVAL;
-               prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
-               goto cleanup;
-       }
+    krb5_error_code             st = 0;
+    LDAP                        *ld = NULL;
+    kdb5_dal_handle             *dal_handle=NULL;
+    krb5_ldap_context           *ldap_context=NULL;
+    krb5_ldap_server_handle     *ldap_server_handle=NULL;
 
+    if (policy == NULL || policydn==NULL) {
+       st = EINVAL;
+       prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
+       goto cleanup;
+    }
 
-       SETUP_CONTEXT();
-       GET_HANDLE();
-       
 
-       /*checking for policy count for 0 and will not permit delete if it is greater than 0*/
+    SETUP_CONTEXT();
+    GET_HANDLE();
 
-       if(policy->polrefcount == 0){
 
-               if ((st=ldap_delete_s(ld, policydn)) != 0)
-               {
-                       prepend_err_str (context,ldap_err2string(st),st,st);
-                       
-                       goto cleanup;
-               }
-       }
-       else {
-               st = EINVAL;
-               prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
-               goto cleanup;
+    /* Checking for policy count for 0 and will not permit delete if
+     * it is greater than 0.  */
+
+    if (policy->polrefcount == 0) {
+
+       if ((st=ldap_delete_s(ld, policydn)) != 0) {
+           prepend_err_str (context,ldap_err2string(st),st,st);
+
+           goto cleanup;
        }
+    } else {
+       st = EINVAL;
+       prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
+       goto cleanup;
+    }
 
 cleanup:
-       krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
-       return st;
+    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+    return st;
 }
 
 
@@ -407,15 +409,15 @@ krb5_ldap_list_policy(context, containerdn, policy)
     krb5_error_code             st=0;
 
     st = krb5_ldap_list(context, policy, "krbPolicy", containerdn);
-  
+
     return st;
 }
 
 /*
  * Function to free the ticket policy object structure.
- * Note: this function assumes that memory of the policy structure is dynamically allocated and hence the whole 
+ * Note: this function assumes that memory of the policy structure is dynamically allocated and hence the whole
  * structure is freed up. Care should be taken not to call this function on a static structure
- */ 
+ */
 
 krb5_error_code
 krb5_ldap_free_policy(context, policy)
@@ -424,10 +426,10 @@ krb5_ldap_free_policy(context, policy)
 {
 
     krb5_error_code st=0;
-  
+
     if (policy == NULL)
        return st;
-  
+
     if (policy->policydn)
        free (policy->policydn);
 
@@ -442,8 +444,8 @@ krb5_ldap_free_policy(context, policy)
 }
 
 /*
- * This function is general object listing routine. It is currently used for ticket policy 
- * object listing.
+ * This function is general object listing routine.  It is currently
+ * used for ticket policy object listing.
  */
 
 krb5_error_code
@@ -457,7 +459,7 @@ krb5_ldap_list(context, list, objectclass, containerdn)
     krb5_error_code             st=0, tempst=0;
     int                         i=0, count=0, filterlen=0;
     LDAP                        *ld=NULL;
-    LDAPMessage                 *result=NULL,*ent=NULL;  
+    LDAPMessage                 *result=NULL,*ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -472,7 +474,7 @@ krb5_ldap_list(context, list, objectclass, containerdn)
            goto cleanup;
        }
     }
-    
+
     /* set the filter for the search operation */
     filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
     filter = malloc ((unsigned) filterlen);
@@ -496,7 +498,7 @@ krb5_ldap_list(context, list, objectclass, containerdn)
        goto cleanup;
     }
 
-    for(ent=ldap_first_entry(ld, result), count=0; ent != NULL; ent=ldap_next_entry(ld, ent), ++count) {
+    for (ent=ldap_first_entry(ld, result), count=0; ent != NULL; ent=ldap_next_entry(ld, ent), ++count) {
        if ((dn=ldap_get_dn(ld, ent)) == NULL)
            continue;
        if (((*list)[count] = strdup(dn)) == NULL) {
@@ -507,11 +509,11 @@ krb5_ldap_list(context, list, objectclass, containerdn)
        ldap_memfree(dn);
     }
     ldap_msgfree(result);
-  
- cleanup:
+
+cleanup:
     if (filter)
        free (filter);
-    
+
     /* some error, free up all the memory */
     if (st != 0) {
        if (*list) {
@@ -520,7 +522,7 @@ krb5_ldap_list(context, list, objectclass, containerdn)
            free (*list);
            *list = NULL;
        }
-    } 
+    }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
 }
index e089c8f7dfed4bdcf850ddfed57273bd52ac522f..3aa520aa2b3770c31bd4706dacca544d16c30d78 100644 (file)
@@ -30,7 +30,7 @@ ldap_xdr_krb5_int16(XDR *xdrs, krb5_int16 *objp)
     return(TRUE);
 }
 
-bool_t 
+bool_t
 ldap_xdr_nullstring(XDR *xdrs, char **objp)
 {
     u_int size;
@@ -206,7 +206,7 @@ krb5_update_tl_kadm_data(policy_dn, new_tl_data)
     XDR xdrs;
     osa_princ_ent_t princ_entry;
 
-    if((princ_entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
+    if ((princ_entry = (osa_princ_ent_t) malloc(sizeof(osa_princ_ent_rec))) == NULL)
        return ENOMEM;
 
     memset(princ_entry, 0, sizeof(osa_princ_ent_rec));
@@ -215,14 +215,14 @@ krb5_update_tl_kadm_data(policy_dn, new_tl_data)
     princ_entry->policy = policy_dn;
 
     xdralloc_create(&xdrs, XDR_ENCODE);
-    if(! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
+    if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
        xdr_destroy(&xdrs);
        return(KADM5_XDR_FAILURE);
     }
     new_tl_data->tl_data_type = KRB5_TL_KADM_DATA;
     new_tl_data->tl_data_length = xdr_getpos(&xdrs);
     new_tl_data->tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
-    
+
     /*
       xdr_destroy(&xdrs);
       ldap_osa_free_princ_ent(princ_entry);