From 7dc12e82f745dadc00ef0215abf929eed9b6557f Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Mon, 25 Sep 2006 21:17:42 +0000 Subject: [PATCH] Patch from Will Fiveash for "kdb5_util create" support in LDAP, modified to drop separate port-number spec so it'll build with current sources. Not tested because of a bug in the recent Novell patch. :-( git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616 dc483132-0cff-0310-8789-dd5450dbe970
---
src/kadmin/dbutil/kdb5_create.c | 4 + src/kadmin/dbutil/kdb5_util.c | 6 +- src/plugins/kdb/ldap/ldap_exp.c | 2 +- .../kdb/ldap/ldap_util/kdb5_ldap_realm.c | 1 + .../kdb/ldap/ldap_util/kdb5_ldap_realm.h | 2 - src/plugins/kdb/ldap/libkdb_ldap/Makefile.in | 2 + src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 4 +- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 8 +- .../kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 26 +- .../kdb/ldap/libkdb_ldap/ldap_create.c | 381 ++++++++++++++++++ .../kdb/ldap/libkdb_ldap/ldap_krbcontainer.h | 2 + src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 10 + src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h | 3 + src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 14 +- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h | 3 - .../kdb/ldap/libkdb_ldap/libkdb_ldap.exports | 1 - 16 files changed, 437 insertions(+), 32 deletions(-) create mode 100644 src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index 46bccce43..da192256e 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -425,6 +425,10 @@ add_principal(context, princ, op, pblock) break; } + entry.mask = (KADM5_KEY_DATA | KADM5_PRINCIPAL | KADM5_ATTRIBUTES | + KADM5_MAX_LIFE | KADM5_MAX_RLIFE | KADM5_TL_DATA | + KADM5_PRINC_EXPIRE_TIME); + retval = krb5_db_put_principal(context, &entry, &nentries); error_out:;
diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c
index 00c87a225..e60e9929c 100644
--- a/src/kadmin/dbutil/kdb5_util.c
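Review bot: The `entry.mask` assignment added before krb5_db_put_principal in add_principal has no comment saying why a kadm5 mask is now needed here; presumably the LDAP back end stores only the fields named in it, but nothing in the hunk states that. I would add `/* Mark which fields of entry are populated so the KDB back end knows what to store. */` above it. The mask claims KADM5_TL_DATA and KADM5_PRINC_EXPIRE_TIME unconditionally, so it is worth confirming that both are set on every path that reaches this point. add_principal starts and ends outside the hunk.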
+++ b/src/kadmin/dbutil/kdb5_util.c
@@ -229,11 +229,9 @@ int main(argc, argv) } } else if (strcmp(*argv, "-x") == 0 && ARG_VAL) { - db5util_db_args_size++; if (!add_db_arg(koptarg)) { - fprintf(stderr,"%s: Cannot initialize. Not enough memory\n", - argv[0]); - exit(1); + com_err(progname, ENOMEM, "while parsing command arguments\n"); + exit(1); } } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
index d0eec64d8..eaeef2a8c 100644
--- a/src/plugins/kdb/ldap/ldap_exp.c
+++ b/src/plugins/kdb/ldap/ldap_exp.c
@@ -52,7 +52,7 @@ kdb_vftabl kdb_function_table = { /* fini_library */ krb5_ldap_lib_cleanup, /* init_module */ krb5_ldap_open, /* fini_module */ krb5_ldap_close, - /* db_create */ krb5_ldap_create_realm_1, + /* db_create */ krb5_ldap_create, /* db_destroy */ krb5_ldap_delete_realm_1, /* db_get_age */ krb5_ldap_db_get_age, /* db_set_option */ krb5_ldap_set_option,
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index ea98647da..1f658b423 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -87,6 +87,7 @@ #include "kdb5_ldap_util.h" #include "kdb5_ldap_list.h" #include +#include extern time_t get_date(char *); /* kadmin/cli/getdate.o */ char *yes = "yes\n"; /* \n to compare against result of fgets */
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
index 59b684beb..9a2972a5a 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
@@ -29,8 +29,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ -#define MAX_KRB_CONTAINER_LEN 256 - #define BUFF_LEN 64 /* Max len of enctype string */ #define MAX_PRINC_SIZE 256
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
index b7d0175a5..ca5b7851f 100644
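Review bot: The new error path in the `-x` branch of main reports ENOMEM for every add_db_arg failure and passes a message ending in `\n` to com_err, which already terminates the line itself; `com_err(progname, ENOMEM, "while parsing command arguments");` avoids the stray blank line. The hunk also drops `db5util_db_args_size++`, which is only correct if add_db_arg (outside this hunk) now maintains that counter, so that should be confirmed. main's body continues outside the hunk.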
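Review bot: `krb5_ldap_create` is now referenced from `kdb_function_table`, but the libkdb_ldap.exports hunk in this commit only removes `krb5_ldap_create_realm_1` and adds no entry for the new function. If the export list is enforced when libkdb_ldap is built as a shared library, the plugin would fail to resolve the `db_create` symbol; adding a `krb5_ldap_create` line to libkdb_ldap.exports would keep the two in step. The table initializer continues outside the hunk.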
--- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
@@ -38,6 +38,7 @@ SHLIB_RDIRS=$(KRB5_LIBDIR) SRCS= $(srcdir)/kdb_ldap.c \ $(srcdir)/kdb_ldap_conn.c \ $(srcdir)/ldap_realm.c \ + $(srcdir)/ldap_create.c \ $(srcdir)/ldap_krbcontainer.c \ $(srcdir)/ldap_principal.c \ $(srcdir)/ldap_principal2.c \
@@ -58,6 +59,7 @@ STOBJLISTS=OBJS.ST STLIBOBJS= kdb_ldap.o \ kdb_ldap_conn.o \ ldap_realm.o \ + ldap_create.o \ ldap_krbcontainer.o \ ldap_principal.o \ ldap_principal2.o \
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index cfefa097e..cd4c1f070 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -38,7 +38,7 @@ #include "ldap_misc.h" #include -static krb5_error_code +krb5_error_code krb5_ldap_get_db_opt(char *input, char **opt, char **val) { char *pos = strchr(input, '=');
@@ -394,6 +394,8 @@ krb5_error_code krb5_ldap_open(krb5_context context, dal_handle->db_context = ldap_context; status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300); if (status) { + if (ldap_context) + krb5_ldap_free_ldap_context(ldap_context); ldap_context = NULL; dal_handle->db_context = NULL; prepend_err_str (context, "Error reading LDAP server params: ", status, status);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 37e0fa776..f9f965c46 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
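Review bot: The `if (ldap_context)` guard added in krb5_ldap_open's read_server_params failure path is redundant, because krb5_ldap_free_ldap_context (added in kdb_ldap_conn.c by this commit) already returns 0 for a NULL argument; a bare `krb5_ldap_free_ldap_context(ldap_context);` reads more clearly. The same failure path in the new krb5_ldap_create only sets `dal_handle->db_context = NULL` and never calls the free routine, so the two functions now disagree on who releases the context and the bind credentials held in it. krb5_ldap_open starts and ends outside the hunk.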
@@ -255,13 +255,15 @@ krb5_ldap_alloc( krb5_context kcontext, void *ptr, size_t size ); void krb5_ldap_free( krb5_context kcontext, void *ptr ); - krb5_error_code krb5_ldap_get_mkey(krb5_context, krb5_keyblock **); krb5_error_code krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *); +krb5_error_code +krb5_ldap_create(krb5_context , char *, char **); + krb5_error_code krb5_ldap_open( krb5_context , char *, char **db_args,
@@ -269,6 +271,9 @@ krb5_ldap_open( krb5_context , char *, krb5_error_code krb5_ldap_close( krb5_context ); +krb5_error_code +krb5_ldap_free_ldap_context(krb5_ldap_context *); + krb5_error_code krb5_ldap_read_startup_information(krb5_context );
@@ -280,6 +285,7 @@ krb5_get_policydn(krb5_context, krb5_db_entry *, char **); /* DAL functions */ + krb5_error_code krb5_ldap_set_option( krb5_context, int, void * );
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index b5d11761f..343705efc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -314,7 +314,22 @@ krb5_error_code krb5_ldap_lib_cleanup() return 0; } +krb5_error_code +krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context) +{ + if (ldap_context == NULL) + return 0; + + krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); + ldap_context->krbcontainer = NULL; + + krb5_ldap_free_realm_params(ldap_context->lrparams); + ldap_context->lrparams = NULL; + + krb5_ldap_free_server_params(ldap_context); + return 0; +} krb5_error_code krb5_ldap_close(krb5_context context)
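Review bot: krb5_ldap_free_ldap_context has no header comment stating whether it releases the krb5_ldap_context structure itself or only its members; krb5_ldap_open sets its pointer to NULL right after calling it, which suggests the former, but krb5_ldap_free_server_params is outside this diff and cannot be checked here. Because the context carries the LDAP bind password (`bind_pwd`, filled from the `bindpwd` db_arg in ldap_create.c), the comment should also record where that buffer is cleared before it is freed. I would add `/* Frees every member of ldap_context and (TODO confirm) the structure itself; the caller must not use the pointer afterwards. */` above the definition.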
@@ -331,16 +346,7 @@ krb5_ldap_close(krb5_context context) ldap_context = (krb5_ldap_context *) dal_handle->db_context; dal_handle->db_context = NULL; - if (ldap_context == NULL) - return 0; - - krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer); - ldap_context->krbcontainer = NULL; - - krb5_ldap_free_realm_params(ldap_context->lrparams); - ldap_context->lrparams = NULL; - - krb5_ldap_free_server_params(ldap_context); + krb5_ldap_free_ldap_context(ldap_context); return 0; }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
new file mode 100644
index 000000000..989dea7b9
--- /dev/null
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -0,0 +1,381 @@ +/* + * lib/kdb/kdb_ldap/ldap_create.c + * + * Copyright (c) 2004-2005, Novell, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * The copyright holder's name is not used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include "ldap_main.h" +#include "ldap_realm.h" +#include "ldap_principal.h" +#include "ldap_krbcontainer.h" +#include "ldap_err.h" + +/* + * ****************************************************************************** + * DAL functions + * ****************************************************************************** + */ + +/* + * This function will create a krbcontainer and realm on the LDAP Server, with + * the specified attributes. + */ +krb5_error_code +krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) +{ + krb5_error_code status = 0; + char **t_ptr = db_args; + krb5_ldap_realm_params *rparams = NULL; + kdb5_dal_handle *dal_handle = NULL; + krb5_ldap_context *ldap_context=NULL; + krb5_boolean realm_obj_created = FALSE; + krb5_boolean krbcontainer_obj_created = FALSE; + int srv_cnt = 0; + int mask = 0; +#ifdef HAVE_EDIRECTORY + int i = 0, rightsmask = 0; +#endif + + /* Clear the global error string */ + krb5_clear_error_message(context); + + ldap_context = malloc(sizeof(krb5_ldap_context)); + if (ldap_context == NULL) { + status = ENOMEM; + goto cleanup; + } + memset(ldap_context, 0, sizeof(*ldap_context)); + + ldap_context->kcontext = context; + + /* populate ldap_context with ldap specific options */ + while (t_ptr && *t_ptr) { + char *opt = NULL, *val = NULL; + + if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) { + goto cleanup; + } + if (opt && !strcmp(opt, "binddn")) { + if (ldap_context->bind_dn) { + free (opt); + free (val); + status = EINVAL; + krb5_set_error_message (context, status, "'binddn' missing"); + goto cleanup; + } + if (val == NULL) { + status = EINVAL; + krb5_set_error_message (context, status, "'binddn' value missing"); + free(opt); + goto cleanup; + } + ldap_context->bind_dn = strdup(val); + if (ldap_context->bind_dn == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + } else if (opt && !strcmp(opt, "nconns")) { + if (ldap_context->max_server_conns) { + free 
(opt); + free (val); + status = EINVAL; + krb5_set_error_message (context, status, "'nconns' missing"); + goto cleanup; + } + if (val == NULL) { + status = EINVAL; + krb5_set_error_message (context, status, "'nconns' value missing"); + free(opt); + goto cleanup; + } + ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER; + } else if (opt && !strcmp(opt, "bindpwd")) { + if (ldap_context->bind_pwd) { + free (opt); + free (val); + status = EINVAL; + krb5_set_error_message (context, status, "'bindpwd' missing"); + goto cleanup; + } + if (val == NULL) { + status = EINVAL; + krb5_set_error_message (context, status, "'bindpwd' value missing"); + free(opt); + goto cleanup; + } + ldap_context->bind_pwd = strdup(val); + if (ldap_context->bind_pwd == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + } else if (opt && !strcmp(opt, "host")) { + if (val == NULL) { + status = EINVAL; + krb5_set_error_message (context, status, "'host' value missing"); + free(opt); + goto cleanup; + } + if (ldap_context->server_info_list == NULL) + ldap_context->server_info_list = + (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *)); + + if (ldap_context->server_info_list == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + + ldap_context->server_info_list[srv_cnt] = + (krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info)); + if (ldap_context->server_info_list[srv_cnt] == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + + ldap_context->server_info_list[srv_cnt]->server_status = NOTSET; + + ldap_context->server_info_list[srv_cnt]->server_name = strdup(val); + if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + + srv_cnt++; + } else if (opt && !strcmp(opt, "cert")) { + if (val == NULL) { + status = EINVAL; + krb5_set_error_message (context, status, "'cert' value 
missing"); + free(opt); + goto cleanup; + } + + if (ldap_context->root_certificate_file == NULL) { + ldap_context->root_certificate_file = strdup(val); + if (ldap_context->root_certificate_file == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + } else { + void *tmp=NULL; + char *oldstr = NULL; + unsigned int len=0; + + oldstr = strdup(ldap_context->root_certificate_file); + if (oldstr == NULL) { + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + + tmp = ldap_context->root_certificate_file; + len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val); + ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file, + len); + if (ldap_context->root_certificate_file == NULL) { + free (tmp); + free (opt); + free (val); + status = ENOMEM; + goto cleanup; + } + memset(ldap_context->root_certificate_file, 0, len); + sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); + free (oldstr); + } + } + /* ignore hash argument. Might have been passed from create */ + else { + status = EINVAL; + krb5_set_error_message (context, status, "unknown option \'%s\'", + opt?opt:val); + free(opt); + free(val); + goto cleanup; + } + + free(opt); + free(val); + t_ptr++; + } + + dal_handle = (kdb5_dal_handle *) context->db_context; + dal_handle->db_context = (kdb5_dal_handle *) ldap_context; + + status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN); + if (status) { + dal_handle->db_context = NULL; + prepend_err_str (context, "Error reading LDAP server params: ", status, status); + goto cleanup; + } + if (status = krb5_ldap_db_init(context, ldap_context)) { + goto cleanup; + } + + /* read the kerberos container */ + if ((status = krb5_ldap_read_krbcontainer_params(context, + &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) { + krb5_ldap_krbcontainer_params kparams; + + /* The kerberos container does not exist so try to create. 
*/ + memset(&kparams, 0, sizeof(kparams)); + + /* Read the kerberos container location from configuration file */ + if (ldap_context->conf_section) { + if ((status = profile_get_string(context->profile, + KDB_MODULE_SECTION, ldap_context->conf_section, + "ldap_kerberos_container_dn", NULL, + &kparams.DN)) != 0) { + goto cleanup; + } + } + if (kparams.DN == NULL) { + if ((status = profile_get_string(context->profile, + KDB_MODULE_DEF_SECTION, + "ldap_kerberos_container_dn", NULL, + NULL, &kparams.DN)) != 0) { + goto cleanup; + } + } + + /* create the kerberos container */ + status = krb5_ldap_create_krbcontainer(context, + ((kparams.DN != NULL) ? &kparams : NULL)); + if (status) + goto cleanup; + + krbcontainer_obj_created = TRUE; + + status = krb5_ldap_read_krbcontainer_params(context, + &(ldap_context->krbcontainer)); + if (status) { + krb5_set_error_message(context, status, "while reading kerberos container information"); + goto cleanup; + } + } else if (status) { + krb5_set_error_message(context, status, "while reading kerberos container information"); + goto cleanup; + } + + rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params)); + if (rparams == NULL) { + status = ENOMEM; + goto cleanup; + } + memset(rparams, 0, sizeof(*rparams)); + rparams->realm_name = strdup(context->default_realm); + if (rparams->realm_name == NULL) { + status = ENOMEM; + goto cleanup; + } + + if ((status = krb5_ldap_create_realm(context, rparams, mask))) { + krb5_set_error_message(context, status, "while creating realm object entry"); + goto cleanup; + } + + /* We just created the Realm container. 
Here starts our transaction tracking */ + realm_obj_created = TRUE; + + /* verify realm object */ + if ((status = krb5_ldap_read_realm_params(context, + rparams->realm_name, + &(ldap_context->lrparams), + &mask))) { + krb5_set_error_message(context, status, "while reading realm object entry"); + goto cleanup; + } + +#ifdef HAVE_EDIRECTORY + if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) || + (mask & LDAP_REALM_PASSWDSERVERS)) { + + rightsmask =0; + rightsmask |= LDAP_REALM_RIGHTS; + rightsmask |= LDAP_SUBTREE_RIGHTS; + if ((rparams != NULL) && (rparams->kdcservers != NULL)) { + for (i=0; (rparams->kdcservers[i] != NULL); i++) { + if ((status=krb5_ldap_add_service_rights(context, + LDAP_KDC_SERVICE, rparams->kdcservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { + goto cleanup; + } + } + } + + rightsmask = 0; + rightsmask |= LDAP_REALM_RIGHTS; + rightsmask |= LDAP_SUBTREE_RIGHTS; + if ((rparams != NULL) && (rparams->adminservers != NULL)) { + for (i=0; (rparams->adminservers[i] != NULL); i++) { + if ((status=krb5_ldap_add_service_rights(context, + LDAP_ADMIN_SERVICE, rparams->adminservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { + goto cleanup; + } + } + } + + rightsmask = 0; + rightsmask |= LDAP_REALM_RIGHTS; + rightsmask |= LDAP_SUBTREE_RIGHTS; + if ((rparams != NULL) && (rparams->passwdservers != NULL)) { + for (i=0; (rparams->passwdservers[i] != NULL); i++) { + if ((status=krb5_ldap_add_service_rights(context, + LDAP_PASSWD_SERVICE, rparams->passwdservers[i], + rparams->realm_name, rparams->subtree, rightsmask)) != 0) { + goto cleanup; + } + } + } + } +#endif + +cleanup: +#if 0 /************** Begin IFDEF'ed OUT *******************************/ + /* If the krbcontainer/realm creation is not complete, do the roll-back here */ + if ((krbcontainer_obj_created) && (!realm_obj_created)) + /* XXX WAF this needs to be created !!! 
*/ + krb5_ldap_delete_krbcontainer(context); +#endif /**************** END IFDEF'ed OUT *******************************/ + + if (rparams) + krb5_ldap_free_realm_params(rparams); + + return(status); +}
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
index 4d1b4e4e5..7dfc2a55d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
@@ -31,6 +31,8 @@ #ifndef _LDAP_KRBCONTAINER_H_ #define _LDAP_KRBCONTAINER_H_ 1 +#define MAX_KRB_CONTAINER_LEN 256 + /* kerberos container structure */ typedef struct _krb5_ldap_krbcontainer_params {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index d69785304..f00016239 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -461,6 +461,16 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree) * works in both case. */ if (subtree == NULL || strcasecmp(subtree, "") == 0) { + /* + * XXX WAF to see if I can get around ldapsearch issue with a null base + * which doesn't work in solaris. This should probably be a Solaris + * specific #ifdef but I am not sure what define value to use. + */ + if (realm_cont_dn != NULL) { + subtreearr[0] = strdup(realm_cont_dn); + if (subtreearr[0] == NULL) + return ENOMEM; + } *ntree = 1; return 0; }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
index d15b7c70f..954e71ccc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
@@ -122,4 +122,7 @@ krb5_add_int_mem_ldap_mod(LDAPMod ***, char *, int , int); krb5_error_code krb5_ldap_free_mod_array(LDAPMod **); +krb5_error_code +krb5_ldap_get_db_opt(char *, char **, char **); + #endif
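Review bot: In the `host` branch of krb5_ldap_create, `server_info_list` is allocated with `SERV_COUNT+1` slots but `srv_cnt` is incremented for every `host=` argument with no upper bound, so enough of them write past the end of the heap array; a bound check is needed before the per-server calloc (SERV_COUNT is defined outside this diff, so the exact limit should be confirmed). Errors during option parsing `goto cleanup` without releasing `ldap_context` or the `bind_dn`/`bind_pwd` copies in it, and the read_server_params failure path clears `dal_handle->db_context` without freeing it, unlike the matching path in krb5_ldap_open in this same commit. The duplicate-option branches report `'binddn' missing`, `'nconns' missing` and `'bindpwd' missing` when the option was in fact given twice, and `atoi(val)` silently accepts negative or non-numeric `nconns` values. Since `bindpwd` is accepted as a db_arg, the bind password travels on the kdb5_util command line via `-x`, where other local users can read it from the process list; that deserves a warning in the function comment.

```c
    } else if (opt && !strcmp(opt, "host")) {
        /* … unchanged: "'host' value missing" check … */
        if (srv_cnt >= SERV_COUNT) {
            /* presumably SERV_COUNT usable slots plus one NULL terminator; confirm */
            status = EINVAL;
            krb5_set_error_message (context, status, "too many 'host' options");
            free(opt);
            free(val);
            goto cleanup;
        }
        /* … unchanged: server_info_list allocation, per-server calloc, server_name strdup … */
```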
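Review bot: The fallback added to krb5_get_subtree_info runs on every platform although its own comment describes it as a Solaris workaround, so a realm with no configured subtree is now searched under `realm_cont_dn` instead of a null base everywhere; the comment should say whether that change of search scope is intended. `*ntree = 1` is still set when `realm_cont_dn` is NULL, which leaves `subtreearr[0]` as whatever the caller passed in, and the strdup'd string is a new allocation the callers have to free. Both `realm_cont_dn` and the callers are outside the hunk, so these need confirming against the rest of the file.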
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index 724786b7b..221b38c65 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -1643,15 +1643,11 @@ krb5_ldap_free_realm_params(rparams) return; } -/* DAL functions */ - -krb5_error_code -krb5_ldap_create_realm_1(krb5_context kcontext, char *conf_section, char **db_args) -{ - krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP; - krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status)); - return status; -} +/* + * ****************************************************************************** + * DAL functions + * ****************************************************************************** + */ krb5_error_code krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index 21d7d877c..9ffd3e86e 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -95,9 +95,6 @@ krb5_ldap_read_realm_params(krb5_context , char *, krb5_ldap_realm_params **, in void krb5_ldap_free_realm_params(krb5_ldap_realm_params *); -krb5_error_code -krb5_ldap_create_realm_1(krb5_context, char *, char **); - krb5_error_code krb5_ldap_delete_realm_1(krb5_context, char *, char **);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
index 36659da92..027fd74c7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
+++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
@@ -39,7 +39,6 @@ krb5_ldap_free krb5_ldap_set_mkey krb5_ldap_get_mkey disjoint_members -krb5_ldap_create_realm_1 krb5_ldap_delete_realm_1 krb5_ldap_set_option krb5_ldap_lock -- 2.26.2