From: Ken Raeburn Date: Mon, 18 Sep 2006 23:51:50 +0000 (+0000) Subject: Savitha's patches for: X-Git-Tag: krb5-1.6-alpha1~136 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6aeb027d3dc6fa54ee83c856e2ab004abb9c5e28;p=krb5.git Savitha's patches for: - LDAP URI support for specifying server and port - support for ldapi interface - updated to newer LDAP APIs - updated documentation git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/config-files/krb5.conf.M b/src/config-files/krb5.conf.M index 8f3ec39b4..0791c5fa8 100644 --- a/src/config-files/krb5.conf.M +++ b/src/config-files/krb5.conf.M @@ -594,14 +594,10 @@ This LDAP specific tag indicates the file containing the stashed passwords for t objects used for starting the Kerberos servers. This value is used if no service password file is mentioned in the configuration section under dbmodules. -.IP ldap_ssl_port -This LDAP specific tag indicates the value of the SSL port for the LDAP server. -This value is used if no SSL port is mentioned in the configuration section under dbmodules. - .IP ldap_server This LDAP specific tag indicates the list of LDAP servers. The list of LDAP servers -is whitespace-separated. The port value can be specified with the server separated by -a colon. This value is used if no LDAP servers are mentioned in the configuration +is whitespace-separated. The LDAP server is specified by a LDAP URI. +This value is used if no LDAP servers are mentioned in the configuration section under dbmodules. .IP ldap_conns_per_server 
@@ -639,12 +635,9 @@ as this object. This LDAP specific tag indicates the file containing the stashed passwords for the objects used for starting the Kerberos servers. -.IP ldap_ssl_port -This LDAP specific tag indicates the value of the SSL port for the LDAP server. - .IP ldap_server This LDAP specific tag indicates the list of LDAP servers. The list of LDAP servers -is whitespace-separated. The port value can be specified with the server separated by a colon. +is whitespace-separated. The LDAP server is specified by a LDAP URI. .IP ldap_conns_per_server This LDAP specific tag indicates the number of connections to be maintained per diff --git a/src/kadmin/server/kadmind.M b/src/kadmin/server/kadmind.M index 6e4cb5252..dbe4ee86b 100644 --- a/src/kadmin/server/kadmind.M +++ b/src/kadmin/server/kadmind.M @@ -66,12 +66,8 @@ Options supported for LDAP database are: \-x nconns= specifies the number of connections to be maintained per LDAP server. -\-x port= -specifies the secure port number where the LDAP server is listening. - -\-x host= -specifies the host on which the LDAP server is running. -The should be the same as the host name set in the LDAP server certificate. +\-x host= +specifies the LDAP server to connect to by a LDAP URI. \-x binddn= specifies the DN of the object used by the administration server to bind to the LDAP server. diff --git a/src/kdc/krb5kdc.M b/src/kdc/krb5kdc.M index 180656b42..c9ff75b91 100644 --- a/src/kdc/krb5kdc.M +++ b/src/kdc/krb5kdc.M 
@@ -70,12 +70,8 @@ Options supported for LDAP database are: \-x nconns= specifies the number of connections to be maintained per LDAP server. -\-x port= -specifies the secure port number where the LDAP server is listening. - -\-x host= -specifies the host on which the LDAP server is running. -The should be the same as the host name set in the LDAP server certificate. +\-x host= +specifies the LDAP server to connect to by a LDAP URI. \-x binddn= specifies the DN of the object used by the KDC server to bind to the LDAP server. diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M index 5ff7615f1..ca08ef9fd 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M @@ -4,7 +4,7 @@ kdb5_ldap_util \- Kerberos Configuration Utility .SH SYNOPSIS .B kdb5_ldap_util [\fB\-D\fP\ \fIuser_dn\fP [\fB\-w\fP\ \fIpasswd\fP]] -[\fB\-h\fP\ \fIldap_server\fP] [\fB\-p\fP\ \fIldap_port\fP] +[\fB\-H\fP\ \fIldapuri\fP] .I command .I [command_options] .SH DESCRIPTION @@ -21,12 +21,8 @@ Specifies the password of .IR user_dn . This option is not recommended. .TP -\fB\-h\fP\ \fIldap_server\fP -Specifies the hostname or IP address of the server hosting the LDAP service for -a Kerberos realm. -.TP -\fB\-p\fP\ \fIldap_port\fP -Specifies the SSL port number of the LDAP server. +\fB\-H\fP\ \fIldapuri\fP +Specifies the URI of the LDAP server. .SH COMMANDS .TP \fBcreate\fP [\fB\-subtree\fP\ \fIsubtree_dn\fP] [\fB\-sscope\fP\ \fIsearch_scope\fP] [\fB\-k\fP\ \fImkeytype\fP] [\fB\-m\fP|\fB\-P\fP\ \fIpassword\fP|\fB\-sf\fP\ \fIstashfilename\fP] [\fB\-r\fP\ \fIrealm\fP] [\fB\-kdcdn\fP\ \fIkdc_service_list\fP] [\fB\-admindn\fP\ \fIadmin_service_list\fP] [\fB\-pwddn\fP\ \fIpasswd_service_list\fP] [\fB\-maxtktlife\fP\ \fImax_ticket_life\fP] [\fB\-maxrenewlife\fP\ \fImax_renewable_ticket_life\fP] [\fIticket_flags\fP] 
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c index be9ae0c6f..d5e7134e4 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c @@ -107,7 +107,7 @@ krb5_boolean manual_mkey = FALSE; void usage() { fprintf(stderr, "Usage: " -"kdb5_ldap_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port]\n" +"kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n" "\tcmd [cmd_options]\n" /* Create realm */ @@ -116,7 +116,7 @@ void usage() "\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n" "\t\t[-pwddn passwd_service_list]\n" #endif -"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype]\n" +"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-s]\n" "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n" "\t\t[ticket_flags] [-r realm]\n" @@ -373,7 +373,7 @@ int main(argc, argv) goto cleanup; } ldapmask |= CMD_LDAP_W; - } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) { + } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) { ldap_server = koptarg; if (ldap_server == NULL) { com_err(progname, ENOMEM, "while reading ldap parameters"); @@ -381,14 +381,6 @@ int main(argc, argv) goto cleanup; } ldapmask |= CMD_LDAP_H; - } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) { - ldap_port = koptarg; - if (ldap_port == NULL) { - com_err(progname, ENOMEM, "while reading ldap parameters"); - exit_status++; - goto cleanup; - } - ldapmask |= CMD_LDAP_P; } else if (cmd_lookup(*argv) != NULL) { if (cmd_argv[0] == NULL) cmd_argv[0] = *argv; @@ -562,10 +554,6 @@ int main(argc, argv) goto cleanup; } } - /* If ldapport is specified, release entry filled by configuration & use this*/ - if (ldapmask & CMD_LDAP_P) { - ldap_context->port = atoi(ldap_port); - } if (bind_dn) { ldap_context->bind_dn = strdup(bind_dn); if (ldap_context->bind_dn == NULL) { 
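Review bot: The usage string for `create` now advertises a `[-s]` option, but the kdb5_ldap_util.M synopsis for `create` in this same commit does not list it, so the two are already out of step; either document `-s` in the man page or drop it from usage. The new `-H ldapuri` text also says nothing about which schemes are safe, even though `-w passwd`, `-P password` and the master key all travel over this connection; I would extend the usage line to `[-H ldapuri]   (use ldaps:// or ldapi://; ldap:// sends credentials in the clear)` or say the same in the man page. With the `-p` branch gone, `ldap_port` and `CMD_LDAP_P` appear to have no remaining use in this function — their declarations are outside the hunk, so confirm and remove them to avoid an unused-variable warning. The body of `main` starts and ends outside the hunk.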
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index b2798b9f2..cfefa097e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -136,22 +136,22 @@ has_sasl_external_mech(context, ldap_server) LDAP *ld=NULL; LDAPMessage *msg=NULL, *res=NULL; - ld = ldap_open(ldap_server, 389); /* Should the port number be configurable ? */ - if (ld == NULL) { + retval = ldap_initialize(&ld, ldap_server); + if (retval != LDAP_SUCCESS) { krb5_set_error_message(context, 2, "%s", ERR_MSG1); ret = 2; /* Don't know */ goto cleanup; } /* Anonymous bind */ - retval = ldap_simple_bind_s(ld, NULL, NULL); + retval = ldap_sasl_bind_s(ld, NULL, NULL, NULL, NULL, NULL, NULL); if (retval != LDAP_SUCCESS) { krb5_set_error_message(context, 2, "%s", ERR_MSG1); ret = 2; /* Don't know */ goto cleanup; } - retval = ldap_search_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, &res); + retval = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, NULL, NULL, NULL, 0, &res); if (retval != LDAP_SUCCESS) { krb5_set_error_message(context, 2, "%s", ERR_MSG1); ret = 2; /* Don't know */ @@ -193,7 +193,7 @@ cleanup: ldap_msgfree(res); if (ld != NULL) - ldap_unbind_s(ld); + ldap_unbind_ext_s(ld, NULL, NULL); return ret; } @@ -295,8 +295,6 @@ krb5_error_code krb5_ldap_open(krb5_context context, goto clean_n_exit; } } else if (opt && !strcmp(opt, "host")) { - char *port = NULL; - if (val == NULL) { status = EINVAL; krb5_set_error_message (context, status, "'host' value missing"); @@ -323,7 +321,6 @@ krb5_error_code krb5_ldap_open(krb5_context context, ldap_context->server_info_list[srv_cnt]->server_status = NOTSET; - val = strtok_r(val, ":", &port); ldap_context->server_info_list[srv_cnt]->server_name = strdup(val); if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) { free (opt); 
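Review bot: In `has_sasl_external_mech`, the anonymous bind and root-DSE search run with whatever protocol version `ldap_initialize` leaves as default, because no `LDAP_OPT_PROTOCOL_VERSION` is set on `ld`, while `krb5_ldap_db_init` elsewhere in this patch carries an explicit `version=LDAP_VERSION3` for its handles. If the linked libldap still defaults to LDAPv2 (older OpenLDAP does), directories that refuse v2 will fail the bind, the probe returns `2 /* Don't know */`, and the caller's decision about SASL EXTERNAL is made on a spurious error — this is inferred from the library default, so confirm against your libldap. I would add `int version = LDAP_VERSION3;` and `ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);` immediately after the successful `ldap_initialize`. The function's declarations and the `ERR_MSG1` definition are outside the hunk.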
@@ -332,25 +329,7 @@ krb5_error_code krb5_ldap_open(krb5_context context, goto clean_n_exit; } - if (port) { - ldap_context->server_info_list[srv_cnt]->port = atoi(port); - } srv_cnt++; - } else if (opt && !strcmp(opt, "port")) { - if (ldap_context->port) { - free (opt); - free (val); - status = EINVAL; - krb5_set_error_message (context, status, "'port' missing"); - goto clean_n_exit; - } - if (val == NULL) { - status = EINVAL; - krb5_set_error_message (context, status, "'port' value missing"); - free(opt); - goto clean_n_exit; - } - ldap_context->port = atoi(val); } else if (opt && !strcmp(opt, "cert")) { if (val == NULL) { status = EINVAL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c index fe9e6a027..b5d11761f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c @@ -127,9 +127,12 @@ krb5_ldap_bind(ldap_context, ldap_server_handle) } } else { /* password based simple bind */ - st = ldap_simple_bind_s(ldap_server_handle->ldap_handle, - ldap_context->bind_dn, - ldap_context->bind_pwd); + bv.bv_val = ldap_context->bind_pwd; + bv.bv_len = strlen(ldap_context->bind_pwd); + st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle, + ldap_context->bind_dn, + NULL, &bv, NULL, + NULL, NULL); } return st; } @@ -139,17 +142,9 @@ krb5_ldap_initialize(ldap_context, server_info) krb5_ldap_context *ldap_context; krb5_ldap_server_info *server_info; { - int port=0; krb5_error_code st=0; krb5_ldap_server_handle *ldap_server_handle=NULL; - if (server_info->port) - port = server_info->port; - else if (ldap_context->port) - port = ldap_context->port; - else - port = LDAPS_PORT; - ldap_server_handle = calloc(1, sizeof(krb5_ldap_server_handle)); if (ldap_server_handle == NULL) { 
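Review bot: In `krb5_ldap_bind`, `bv.bv_len = strlen(ldap_context->bind_pwd)` dereferences `bind_pwd` unconditionally, whereas the old `ldap_simple_bind_s` tolerated a NULL password; if the stash-file lookup can leave `bind_pwd` NULL (that code is outside this hunk, so please confirm) this is now a crash in the KDC. An empty password is also worth rejecting explicitly: a simple bind with a non-empty DN and zero-length credential is an "unauthenticated" bind (RFC 4513 §5.1.2), which many servers accept as anonymous, so a missing stash would silently downgrade the KDC to anonymous directory access instead of failing. I would guard the branch with `if (ldap_context->bind_pwd == NULL || *ldap_context->bind_pwd == '\0') return LDAP_INVALID_CREDENTIALS;` before filling `bv`. `krb5_ldap_bind` begins before this hunk, and `bv` must be declared there.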
@@ -158,12 +153,11 @@ krb5_ldap_initialize(ldap_context, server_info) } /* ldap init */ - if ((ldap_server_handle->ldap_handle=ldap_init(server_info->server_name, - port)) == NULL) { - st = KRB5_KDB_ACCESS_ERROR; + if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) { if (ldap_context->kcontext) - krb5_set_error_message (ldap_context->kcontext, st, "%s", - strerror(errno)); + krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s", + ldap_err2string(st)); + st = KRB5_KDB_ACCESS_ERROR; goto err_out; } @@ -198,9 +192,6 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context) krb5_boolean sasl_mech_supported=TRUE; int cnt=0, version=LDAP_VERSION3; struct timeval local_timelimit = {10,0}; -#ifdef LDAP_OPT_X_TLS_HARD - int tlsoption=LDAP_OPT_X_TLS_HARD; -#endif if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0) goto err_out; @@ -211,9 +202,6 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context) #elif defined LDAP_X_OPT_CONNECT_TIMEOUT ldap_set_option(NULL, LDAP_X_OPT_CONNECT_TIMEOUT, &local_timelimit); #endif -#ifdef LDAP_OPT_X_TLS_HARD - ldap_set_option(NULL, LDAP_OPT_X_TLS, &tlsoption); -#endif HNDL_LOCK(ldap_context); while (ldap_context->server_info_list[cnt] != NULL) { 
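Review bot: Removing the `LDAP_OPT_X_TLS_HARD` setting in `krb5_ldap_db_init`, together with the `LDAPS_PORT` default dropped from `krb5_ldap_initialize`, means transport protection is now decided purely by the scheme an administrator types into `ldap_server`/`host`; an `ldap://` URI gives a cleartext simple bind (the bind DN password from the stash file) and cleartext principal key material between the KDC and the directory, where before the plugin refused to run without TLS. The man-page edits in this commit also drop the old "secure port" and certificate-hostname wording, so nothing warns about this. I would have `krb5_ldap_db_init` walk `server_info_list` and reject, or at least log, any `server_name` that is neither `ldaps://` nor `ldapi://` — for example `if (!ldap_is_ldaps_url(name) && strncmp(name, "ldapi://", 8) != 0) { /* refuse or warn: cleartext LDAP */ }` — or issue `ldap_start_tls_s` on `ldap://` handles before `krb5_ldap_bind`. `krb5_ldap_db_init` continues past the end of this hunk.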
@@ -305,17 +293,9 @@ krb5_ldap_rebind(ldap_context, ldap_server_handle) krb5_ldap_server_handle **ldap_server_handle; { krb5_ldap_server_handle *handle = *ldap_server_handle; - int port=0; - - if (handle->server_info->port) - port = handle->server_info->port; - else if (ldap_context->port) - port = ldap_context->port; - else - port = LDAPS_PORT; - if ((handle->ldap_handle=ldap_init(handle->server_info->server_name, port)) == NULL - || krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS) + if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS) + || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS)) return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle); return LDAP_SUCCESS; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index 76b53820f..d69785304 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -104,7 +104,7 @@ prof_get_string_def(krb5_context ctx, const char *conf_section, /* * This function reads the parameters from the krb5.conf file. The * parameters read here are DAL-LDAP specific attributes. Some of - * these are ldap_port, ldap_server .... + * these are ldap_server .... */ krb5_error_code krb5_ldap_read_server_params(context, conf_section, srv_type) @@ -166,16 +166,6 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) goto cleanup; } - /* If ldap port is not set read it from database module section of - conf file. */ - if (ldap_context->port == 0) { - st = prof_get_integer_def (context, conf_section, - "ldap_ssl_port", - LDAPS_PORT, &ldap_context->port); - if (st) - goto cleanup; - } - /* * If the bind dn is not set read it from the database module * section of conf file this paramter is populated by one of the 
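Review bot: Deleting the `ldap_ssl_port` read in `krb5_ldap_read_server_params` makes an existing `ldap_ssl_port` line in krb5.conf silently inert: a deployment that previously got LDAPS from `ldap_server = host` plus `ldap_ssl_port`/the `LDAPS_PORT` default now hands the bare `host` string to `ldap_initialize` with whatever that library assumes, and nothing tells the operator the setting was ignored. I would keep a lookup of `ldap_ssl_port` here and fail with a clear message when it is present, e.g. `krb5_set_error_message(context, EINVAL, "ldap_ssl_port is no longer supported; specify an ldaps:// or ldapi:// URI in ldap_server");`, so the migration breaks loudly rather than downgrading transport security. Whether libldap accepts a bare hostname at all depends on the version, so the exact failure mode is inferred. The function continues outside this hunk.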
@@ -227,7 +217,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) /* * If the ldap server parameter is not set read the list of ldap - * servers:port from the database module section of the conf file. + * servers from the database module section of the conf file. */ if (ldap_context->server_info_list == NULL) { @@ -260,7 +250,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) } (*server_info)[ele]->server_status = NOTSET; } else { - char *port=NULL, *server=NULL, *item=NULL; + char *server=NULL, *item=NULL; item = strtok_r(tempval,delims,&save_ptr); while (item != NULL && eleserver_name = strdup(server); + (*server_info)[ele]->server_name = strdup(item); if ((*server_info)[ele]->server_name == NULL) { st = ENOMEM; goto cleanup; } - if (port) { - (*server_info)[ele]->port = atoi(port); - } (*server_info)[ele]->server_status = NOTSET; item = strtok_r(NULL,delims,&save_ptr); ++ele; @@ -320,7 +305,7 @@ krb5_ldap_free_server_params(ldap_context) if (ldap_context->server_info_list[i]->ldap_server_handles) { ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles; while (ldap_server_handle) { - ldap_unbind_s(ldap_server_handle->ldap_handle); + ldap_unbind_ext_s(ldap_server_handle->ldap_handle, NULL, NULL); ldap_server_handle->ldap_handle = NULL; next_ldap_server_handle = ldap_server_handle->next; krb5_xfree(ldap_server_handle); @@ -1026,7 +1011,7 @@ updateAttribute (ld, dn, attribute, value) mods[0] = &modAttr; /* ldap modify operation */ - st = ldap_modify_s(ld, dn, mods); + st = ldap_modify_ext_s(ld, dn, mods, NULL, NULL); /* if the {attr,attrval} combination is already present return a success * LDAP_ALREADY_EXISTS is for single-valued attribute 
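Review bot: In the `ldap_server` list parser of `krb5_ldap_read_server_params`, each whitespace-separated `item` is now stored verbatim as `server_name` with no check that it is actually an LDAP URI, so an old-style `host:636` entry, a typo, or a bare hostname is only discovered later when `ldap_initialize` fails or when libldap picks a default scheme for it. I would validate before the `strdup`, e.g. `if (!ldap_is_ldap_url(item)) { st = EINVAL; krb5_set_error_message(context, st, "ldap_server entry '%s' is not an LDAP URI", item); goto cleanup; }`, and the same check belongs on the `host=` value in `krb5_ldap_open`. The loop condition on this line is garbled in this copy (`eleserver_name`), so the array-bound check could not be reviewed here. The function starts before the hunk.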
@@ -1071,7 +1056,7 @@ deleteAttribute (ld, dn, attribute, value) mods[0] = &modAttr; /* ldap modify operation */ - st = ldap_modify_s(ld, dn, mods); + st = ldap_modify_ext_s(ld, dn, mods, NULL, NULL); /* if either the attribute or the attribute value is missing return a success */ if (st == LDAP_NO_SUCH_ATTRIBUTE || st == LDAP_UNDEFINED_TYPE) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c index b646fe8e1..b0488eb52 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -315,13 +315,13 @@ krb5_ldap_delete_principal(context, searchfor, nentries) } } } - st=ldap_modify_s(ld, DN, mods); + st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL); if (st != LDAP_SUCCESS) { st = set_ldap_error(context, st, OP_MOD); goto cleanup; } } else if (ptype == KDB_SERVICE_PRINCIPAL) { - st = ldap_delete_s(ld, DN); + st = ldap_delete_ext_s(ld, DN, NULL, NULL); if (st != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_DEL); goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index d54453cc1..ff97b4095 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -992,7 +992,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) if (mods == NULL) { goto cleanup; } - st=ldap_modify_s(ld, xargs.dn, mods); + st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { sprintf(errbuf, "User modification failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); 
@@ -1000,7 +1000,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) goto cleanup; } } else { - st=ldap_add_s(ld, xargs.dn, mods); + st=ldap_add_ext_s(ld, xargs.dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c index 074f24752..7aa78010e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@ -95,7 +95,7 @@ krb5_ldap_create_password_policy (context, policy) goto cleanup; /* password policy object creation */ - if ((st=ldap_add_s(ld, policy->name, mods)) != LDAP_SUCCESS) { + if ((st=ldap_add_ext_s(ld, policy->name, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_ADD); goto cleanup; } @@ -150,7 +150,7 @@ krb5_ldap_put_password_policy (context, policy) goto cleanup; /* modify the password policy object. */ - if ((st=ldap_modify_s(ld, policy->name, mods)) != LDAP_SUCCESS) { + if ((st=ldap_modify_ext_s(ld, policy->name, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_MOD); goto cleanup; } @@ -241,7 +241,7 @@ krb5_ldap_delete_password_policy (context, policy) SETUP_CONTEXT(); GET_HANDLE(); - if ((st=ldap_delete_s(ld, policy)) != LDAP_SUCCESS) { + if ((st=ldap_delete_ext_s(ld, policy, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_DEL); goto cleanup; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 438df718f..809311777 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 
@@ -349,7 +349,7 @@ krb5_ldap_delete_realm (context, lrealm) } /* Delete the realm object */ - if ((st=ldap_delete_s(ld, ldap_context->lrparams->realmdn)) != LDAP_SUCCESS) { + if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_DEL); krb5_set_error_message (context, st, "Realm Delete FAILED: %s", @@ -685,12 +685,16 @@ krb5_ldap_modify_realm(context, rparams, mask) mask & LDAP_REALM_PASSWDSERVERS) { char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL}; - if ((st= ldap_search_s(ld, + if ((st= ldap_search_ext_s(ld, rparams->realmdn, LDAP_SCOPE_BASE, 0, servers, 0, + NULL, + NULL, + NULL, + 0, &result)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_SEARCH); goto cleanup; @@ -724,7 +728,7 @@ krb5_ldap_modify_realm(context, rparams, mask) #endif /* Realm modify opearation */ - if ((st=ldap_modify_s(ld, rparams->realmdn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_MOD); goto cleanup; } @@ -942,7 +946,7 @@ krb5_ldap_create_krbcontainer(context, krbcontparams) } /* create the kerberos container */ - if ((st = ldap_add_s(ld, kerberoscontdn, mods)) != LDAP_SUCCESS) { + if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_ADD); krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost)); @@ -960,7 +964,7 @@ krb5_ldap_create_krbcontainer(context, krbcontparams) krbContainerRefclass, &crmask)) != 0) { prepend_err_str (context, "Security Container read FAILED: ", st, st); /* delete Kerberos Container, status ignored intentionally */ - ldap_delete_s(ld, kerberoscontdn); + ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL); goto cleanup; } 
@@ -977,12 +981,12 @@ krb5_ldap_create_krbcontainer(context, krbcontparams) goto cleanup; /* update the security container with krbContainerReference attribute */ - if ((st=ldap_modify_s(ld, SECURITY_CONTAINER, mods)) != LDAP_SUCCESS) { + if ((st=ldap_modify_ext_s(ld, SECURITY_CONTAINER, mods, NULL, NULL)) != LDAP_SUCCESS) { int ost = st; st = translate_ldap_error (st, OP_MOD); krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost)); /* delete Kerberos Container, status ignored intentionally */ - ldap_delete_s(ld, kerberoscontdn); + ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL); goto cleanup; } #endif @@ -1273,7 +1277,7 @@ krb5_ldap_create_realm(context, rparams, mask) #endif /* realm creation operation */ - if ((st=ldap_add_s(ld, dn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_ADD); goto cleanup; } @@ -1286,7 +1290,7 @@ krb5_ldap_create_realm(context, rparams, mask) rparams->kdcservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ - ldap_delete_s(ld, dn); + ldap_delete_ext_s(ld, dn, NULL, NULL); goto cleanup; } @@ -1297,7 +1301,7 @@ krb5_ldap_create_realm(context, rparams, mask) rparams->adminservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ - ldap_delete_s(ld, dn); + ldap_delete_ext_s(ld, dn, NULL, NULL); goto cleanup; } @@ -1308,7 +1312,7 @@ krb5_ldap_create_realm(context, rparams, mask) rparams->passwdservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ - ldap_delete_s(ld, dn); + ldap_delete_ext_s(ld, dn, NULL, NULL); goto cleanup; } #endif diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c index 4fde33037..11f6d1e38 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c 
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c @@ -135,7 +135,7 @@ krb5_ldap_create_service(context, service, mask) } /* ldap add operation */ - if ((st=ldap_add_s(ld, service->servicedn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_ADD); goto cleanup; } @@ -152,7 +152,7 @@ krb5_ldap_create_service(context, service, mask) service->krbrealmreferences[i]); prepend_err_str (context, errbuf, st, st); /* delete service object, status ignored intentionally */ - ldap_delete_s(ld, service->servicedn); + ldap_delete_ext_s(ld, service->servicedn, NULL, NULL); goto cleanup; } } @@ -245,12 +245,16 @@ krb5_ldap_modify_service(context, service, mask) realmattr = "krbKdcServers"; /* read the existing list of krbRealmreferences. this will needed */ - if ((st = ldap_search_s (ld, + if ((st = ldap_search_ext_s (ld, service->servicedn, LDAP_SCOPE_BASE, 0, attr, 0, + NULL, + NULL, + NULL, + 0, &result)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_SEARCH); goto cleanup; @@ -274,7 +278,7 @@ krb5_ldap_modify_service(context, service, mask) } /* ldap modify operation */ - if ((st=ldap_modify_s(ld, service->servicedn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_modify_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_MOD); goto cleanup; } @@ -351,7 +355,7 @@ krb5_ldap_delete_service(context, service, servicedn) SETUP_CONTEXT(); GET_HANDLE(); - st = ldap_delete_s(ld, servicedn); + st = ldap_delete_ext_s(ld, servicedn, NULL, NULL); if (st != 0) { st = set_ldap_error (context, st, OP_DEL); } @@ -580,7 +584,7 @@ krb5_ldap_set_service_passwd(context, service, passwd) if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0) goto cleanup; - st = ldap_modify_s(ld, service, mods); + st = ldap_modify_ext_s(ld, service, mods, NULL, NULL); if (st) { st = set_ldap_error (context, st, OP_MOD); } 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c index 78601e5b9..292cf7ae6 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c @@ -163,7 +163,7 @@ krb5_ldap_create_policy(context, policy, mask) goto cleanup; /* ldap add operation */ - if ((st=ldap_add_s(ld, policy->policydn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_add_ext_s(ld, policy->policydn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_ADD); goto cleanup; } @@ -241,7 +241,7 @@ krb5_ldap_modify_policy(context, policy, mask) policy->polrefcount)) != 0) goto cleanup; } - if ((st=ldap_modify_s(ld, policy->policydn, mods)) != LDAP_SUCCESS) { + if ((st=ldap_modify_ext_s(ld, policy->policydn, mods, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_MOD); goto cleanup; } @@ -379,7 +379,7 @@ krb5_ldap_delete_policy(context, policydn, policy, mask) if (policy->polrefcount == 0) { - if ((st=ldap_delete_s(ld, policydn)) != 0) { + if ((st=ldap_delete_ext_s(ld, policydn, NULL, NULL)) != 0) { prepend_err_str (context,ldap_err2string(st),st,st); goto cleanup;