From ba4eb5f71605d6d966df9ad4c9d38fee1a350b76 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Wed, 15 Nov 2006 23:56:02 +0000 Subject: [PATCH] LDAP patch from Novell, 2006-10-13 Patch from 13 November from Savitha R: > Fix for delpol deleting ticket policies > Removed references to old schema > Moved some unused code under #ifdef HAVE_EDIRECTORY ticket: new target_version: 1.6 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18812 dc483132-0cff-0310-8789-dd5450dbe970 --- .../kdb/ldap/ldap_util/kdb5_ldap_realm.c | 5 +- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c | 2 + src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 2 + .../kdb/ldap/libkdb_ldap/ldap_create.c | 2 + src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 14 +- .../kdb/ldap/libkdb_ldap/ldap_principal2.c | 5 +- .../kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 12 +- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 206 +----------------- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h | 28 +-- .../ldap/libkdb_ldap/ldap_service_rights.c | 18 +- 10 files changed, 53 insertions(+), 241 deletions(-) diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index 77b7e822c..a13bdfacb 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -900,7 +900,6 @@ void kdb5_ldap_modify(argc, argv) #ifdef HAVE_EDIRECTORY int j = 0; char *list[MAX_LIST_ENTRIES]; - char **slist = {NULL}; int existing_entries = 0, list_entries = 0; int newkdcdn = 0, newadmindn = 0, newpwddn = 0; char **tempstr = NULL; @@ -1432,6 +1431,8 @@ void kdb5_ldap_modify(argc, argv) } if ((mask & LDAP_REALM_SUBTREE)) { + int check_subtree = 1; + newsubtrees = (char**) calloc(rparams->subtreecount, sizeof(char*)); if (newsubtrees == NULL) { 
@@ -1452,7 +1453,7 @@ void kdb5_ldap_modify(argc, argv) for(j=0;oldsubtrees[j]!=NULL;j++) { check_subtree = 1; for(i=0; ( (oldsubtrees[j] && !rparams->subtree[i]) || - (!oldsubtrees[j] && rparams->subtree[i]))i; i++) { + (!oldsubtrees[j] && rparams->subtree[i])); i++) { if(strcasecmp( oldsubtrees[j], rparams->subtree[i]) == 0) { check_subtree = 0; continue; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index e5bf6c11d..883897bc8 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -330,6 +330,7 @@ krb5_error_code krb5_ldap_open(krb5_context context, } srv_cnt++; +#ifdef HAVE_EDIRECTORY } else if (opt && !strcmp(opt, "cert")) { if (val == NULL) { status = EINVAL; @@ -374,6 +375,7 @@ krb5_error_code krb5_ldap_open(krb5_context context, sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); free (oldstr); } +#endif } else { /* ignore hash argument. Might have been passed from create */ status = EINVAL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 97da15d21..b1ffd8497 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -195,7 +195,9 @@ struct _krb5_ldap_server_info { krb5_ldap_server_handle *ldap_server_handles; time_t downtime; char *server_name; +#ifdef HAVE_EDIRECTORY char *root_certificate_file; +#endif struct _krb5_ldap_server_info *next; }; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 768ba6a59..8c60c177d 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -180,6 +180,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) } srv_cnt++; +#ifdef HAVE_EDIRECTORY } else if (opt && !strcmp(opt, "cert")) { if (val == NULL) { status = EINVAL; 
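Review bot: The inner `for` condition in kdb5_ldap_modify is true only when exactly one of `oldsubtrees[j]` and `rparams->subtree[i]` is NULL, yet the loop body passes both to `strcasecmp`. The outer loop already guarantees `oldsubtrees[j] != NULL`, so the inner loop as written can only run while `rparams->subtree[i]` is NULL, which means existing subtrees are never compared and a NULL pointer would reach `strcasecmp`. Removing the stray `i` fixes the syntax but keeps that logic. The loop probably wants `for (i = 0; rparams->subtree[i] != NULL; i++)`, or a bound on `rparams->subtreecount` as the `calloc` in the previous hunk uses, with `break` instead of `continue` once a match clears `check_subtree`. The function body continues outside the hunk.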
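Review bot: The `sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val)` that the new `#endif` closes over carries no length, and the allocation of `root_certificate_file` is above the hunk, so nothing visible here shows that it reserves `strlen(oldstr) + strlen(val) + 2` bytes for a `val` that is presumably parsed from the caller's db_args. Since the block is being touched anyway, a bounded `snprintf` with the computed size would make the bound checkable at the call site. With the block compiled out, a `cert` argument now falls through to the final `else` and yields `EINVAL`, which the comment there should mention. Writing the guard's end as `#endif /* HAVE_EDIRECTORY */` would help, given how far it spans. The same points apply to the matching hunks in ldap_create.c.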
@@ -224,6 +225,7 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); free (oldstr); } +#endif } else { /* ignore hash argument. Might have been passed from create */ status = EINVAL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index efcb73ee7..f76a6e895 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -229,6 +229,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) goto cleanup; } +#ifdef HAVE_EDIRECTORY /* * If root certificate file is not set read it from database * module section of conf file this is the trusted root @@ -241,6 +242,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) if (st) goto cleanup; } +#endif /* * If the ldap server parameter is not set read the list of ldap @@ -270,7 +272,7 @@ krb5_ldap_read_server_params(context, conf_section, srv_type) (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1, sizeof(krb5_ldap_server_info)); - (*server_info)[ele]->server_name = strdup("localhost"); + (*server_info)[ele]->server_name = strdup("ldapi://"); if ((*server_info)[ele]->server_name == NULL) { st = ENOMEM; goto cleanup; @@ -326,9 +328,11 @@ krb5_ldap_free_server_params(ldap_context) if (ldap_context->server_info_list[i]->server_name) { free (ldap_context->server_info_list[i]->server_name); } +#ifdef HAVE_EDIRECTORY if (ldap_context->server_info_list[i]->root_certificate_file) { free (ldap_context->server_info_list[i]->root_certificate_file); } +#endif if (ldap_context->server_info_list[i]->ldap_server_handles) { ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles; while (ldap_server_handle) { 
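Review bot: In the ldap_misc.c hunk at -270, the `calloc` result stored in `(*server_info)[ele]` is dereferenced on the next line to assign `server_name`, and only the `strdup` result is checked for NULL. A guard such as `if ((*server_info)[ele] == NULL) { st = ENOMEM; goto cleanup; }` before the `strdup` would cover the allocation failure. Separately, the fallback server changes from `"localhost"` to `"ldapi://"`, that is, from a host name to an LDAP-over-IPC URI. A comment stating that the default is now the local socket, and what access control is expected on it, would help operators who relied on the old default. krb5_ldap_read_server_params continues outside the hunk.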
@@ -365,10 +369,12 @@ krb5_ldap_free_server_params(ldap_context) ldap_context->service_password_file = NULL; } +#ifdef HAVE_EDIRECTORY if (ldap_context->root_certificate_file != NULL) { krb5_xfree(ldap_context->root_certificate_file); ldap_context->root_certificate_file = NULL; } +#endif if (ldap_context->service_cert_path != NULL) { krb5_xfree(ldap_context->service_cert_path); @@ -915,8 +921,10 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask) char **values=NULL, *attributes[2] = {NULL}; LDAPMessage *result=NULL, *entry=NULL; - if (strlen(dn) == 0) - return LDAP_NO_SUCH_OBJECT; + if (strlen(dn) == 0) { + st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH); + return st; + } attributes[0] = attribute; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 9bfef1510..e0ada5d3a 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -1076,10 +1076,9 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) int p, q, r=0, amask=0; if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn, - "objectclass", attrvalues, &amask)) != 0) { - st = KRB5_KDB_UK_RERROR; + "objectclass", attrvalues, &amask)) != 0) goto cleanup; - } + memset(strval, 0, sizeof(strval)); for (p=1, q=0; p<=2; p<<=1, ++q) { if ((p & amask) == 0) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c index 3c229c055..6f8b3efd8 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@ -323,7 +323,8 @@ krb5_ldap_delete_password_policy (context, policy) krb5_context context; char *policy; { - char *policy_dn = NULL; + int mask = 0; + char *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL}; krb5_error_code st=0; LDAP *ld=NULL; kdb5_dal_handle *dal_handle=NULL; 
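Review bot: The new empty-DN path in checkattributevalue calls `set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH)` with a literal `0` where the other call site visible in this patch passes a `krb5_context`, and whether set_ldap_error tolerates a null context is not visible here. checkattributevalue takes no context argument (`ld, dn, attribute, attrvalues, mask`), so either a context parameter should be added or the helper should document that a null context is accepted. `strlen(dn)` also assumes `dn` is non-NULL; `if (dn == NULL || *dn == '\0') {` would make the guard cover both cases. The rest of the function is outside the hunk.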
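Review bot: With the `st = KRB5_KDB_UK_RERROR` override removed, krb5_ldap_put_principal now hands whatever checkattributevalue returns straight to its cleanup path as a `krb5_error_code`. The empty-DN path is translated through set_ldap_error in this patch, but the other return paths of checkattributevalue are not in the diff. It should be confirmed that none of them still returns a raw LDAP result code, which callers would then misreport. Bracing the `goto cleanup` would also be safer now that the condition spans two lines.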
@@ -344,6 +345,15 @@ krb5_ldap_delete_password_policy (context, policy) if (st != 0) goto cleanup; + /* Ensure that the object is a password policy */ + if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0) + goto cleanup; + + if (mask == 0) { + st = KRB5_KDB_NOENTRY; + goto cleanup; + } + if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) { st = set_ldap_error (context, st, OP_DEL); goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 3013838ea..b5e198ff7 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -42,10 +42,9 @@ #define END_OF_LIST -1 char *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef", "krbMaxTicketLife", "krbMaxRenewableAge", - "krbTicketFlags", "krbDefaultEncType", - "krbDefaultSaltType", "krbUpEnabled", - "krbTicketPolicyReference", "krbSupportedEncTypes", - "krbSupportedSaltTypes", "krbLdapServers", + "krbTicketFlags", "krbUpEnabled", + "krbTicketPolicyReference", + "krbLdapServers", "krbKdcServers", "krbAdmServers", "krbPwdServers", NULL}; @@ -64,14 +63,6 @@ char *pwdclass[] = { "krbPwdService", NULL }; char *subtreeclass[] = { "Organization", "OrganizationalUnit", "Domain", "krbContainer", "krbRealmContainer", "Country", "Locality", NULL }; -int supportedenctypes[] = { ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD4, ENCTYPE_DES_CBC_MD5, - ENCTYPE_DES3_CBC_SHA1, ENCTYPE_AES128_CTS_HMAC_SHA1_96, - ENCTYPE_AES256_CTS_HMAC_SHA1_96, ENCTYPE_ARCFOUR_HMAC, -1}; - -int supportedsalttypes[] = { KRB5_KDB_SALTTYPE_NORMAL, KRB5_KDB_SALTTYPE_V4, - KRB5_KDB_SALTTYPE_NOREALM, KRB5_KDB_SALTTYPE_ONLYREALM, - KRB5_KDB_SALTTYPE_SPECIAL, -1}; - char *krbContainerRefclass[] = { "krbContainerRefAux", NULL}; 
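Review bot: When the objectclass check finds no match, krb5_ldap_delete_password_policy returns `KRB5_KDB_NOENTRY` with no message, so an administrator cannot tell a missing entry from one that exists but is not a password policy, which is the case this guard was added for. Setting a message before the jump, for example `krb5_set_error_message(context, st, "'%s' is not a password policy object", policy);`, would make the refusal explicit. The guard depends on checkattributevalue setting a bit in `mask` for each value of `class` found on the entry. That contract is not visible in this diff and deserves a short comment next to `if (mask == 0)`. The function continues outside the hunk.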
@@ -460,9 +451,6 @@ krb5_ldap_modify_realm(context, rparams, mask) rparams->tl_data->tl_data_contents == NULL || ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || - /* This has to be fixed ... */ - ((mask & LDAP_REALM_DEFENCTYPE) && rparams->suppenctypes == NULL) || - ((mask & LDAP_REALM_DEFSALTTYPE) && rparams->suppsalttypes == NULL) || #ifdef HAVE_EDIRECTORY ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) || ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) || @@ -490,22 +478,6 @@ krb5_ldap_modify_realm(context, rparams, mask) } } - /* - * Sort the list of salt-types / enc-types ... just to eliminate duplicates - * later. - */ - { - if ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes) { - for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) { - } - qsort ((void *)rparams->suppenctypes, (unsigned) i, sizeof(krb5_int32), compare); - } - if ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes) { - for (i = 0; rparams->suppenctypes [i] != END_OF_LIST; i++) { - } - qsort ((void *)rparams->suppsalttypes, (unsigned) i, sizeof(krb5_int32), compare); - } - } /* SUBTREE ATTRIBUTE */ if (mask & LDAP_REALM_SUBTREE) { 
@@ -575,124 +547,6 @@ krb5_ldap_modify_realm(context, rparams, mask) } - /* DEFENCTYPE ATTRIBUTE */ - if (mask & LDAP_REALM_DEFENCTYPE) { - /* check if the entered enctype is valid */ - if (krb5_c_valid_enctype(rparams->defenctype)) { - - /* check if the defenctype exists in the suppenctypes list */ - for (i = 0; rparams->suppenctypes[i] != END_OF_LIST; ++i) - if (rparams->defenctype == rparams->suppenctypes[i]) - break; - - /* touching the end of list means defenctype is missing */ - if (rparams->suppenctypes[i] == END_OF_LIST) { - st = EINVAL; - krb5_set_error_message (context, st, "Default enctype not in the supported list"); - goto cleanup; - } - - if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultenctype", LDAP_MOD_REPLACE, - rparams->defenctype)) != 0) - goto cleanup; - } else { - st = EINVAL; - krb5_set_error_message (context, st, "Invalid default enctype"); - goto cleanup; - } - } - - /* DEFSALTTYPE ATTRIBUTE */ - if (mask & LDAP_REALM_DEFSALTTYPE) { - /* check if the entered salttype is valid */ - if (rparams->defsalttype>=0 && rparams->defsalttype<6) { - - /* check if the defsalttype exists in the suppsalttypes list */ - for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) - if (rparams->defsalttype == rparams->suppsalttypes[i]) - break; - - /* touching the end of the list means defsalttype is missing */ - if (rparams->suppsalttypes[i] == END_OF_LIST) { - st = EINVAL; - krb5_set_error_message (context, st, "Default salttype not in the supported list"); - goto cleanup; - } - - if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbdefaultsalttype", - LDAP_MOD_REPLACE, rparams->defsalttype)) != 0) - goto cleanup; - - } else { - st = EINVAL; - krb5_set_error_message (context, st, "Invalid default salttype"); - goto cleanup; - } - } - - /* SUPPSALTTYPE ATTRIBUTE */ - if (mask & LDAP_REALM_SUPPSALTTYPE) { - krb5_boolean flag=FALSE; - - for (i = 0; rparams->suppsalttypes[i] != END_OF_LIST; ++i) { - /* check if the salttypes entered is valid */ - if 
(!(rparams->suppsalttypes[i]>=0 && rparams->suppsalttypes[i]<6)) { - st = EINVAL; - krb5_set_error_message (context, st, "salttype %d not valid", rparams->suppsalttypes[i]); - goto cleanup; - } - - /* Ensure that the default salt type is supported */ - if ((oldmask & LDAP_REALM_DEFSALTTYPE || - mask & LDAP_REALM_DEFSALTTYPE) && - rparams->defsalttype == rparams->suppsalttypes[i]) - flag = TRUE; - } - - if (flag == FALSE) { /* Default salt type is not supported */ - st = EINVAL; - krb5_set_error_message (context, st, "Default salttype not in the supported list"); - goto cleanup; - } - ignore_duplicates(rparams->suppsalttypes); - - if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedsalttypes", - LDAP_MOD_REPLACE, rparams->suppsalttypes)) != 0) - goto cleanup; - } - - /* SUPPENCTYPE ATTRIBUTE */ - if (mask & LDAP_REALM_SUPPENCTYPE) { - krb5_boolean flag=FALSE; - - for (i=0; rparams->suppenctypes[i] != END_OF_LIST; ++i) { - - /* check if the enctypes entered is valid */ - if (krb5_c_valid_enctype(rparams->suppenctypes[i]) == 0) { - st = EINVAL; - krb5_set_error_message (context, st, "Enctype %d not valid", rparams->suppenctypes[i]); - goto cleanup; - } - - /* Ensure that the default encryption type is supported */ - if ((oldmask & LDAP_REALM_DEFENCTYPE || - mask & LDAP_REALM_DEFENCTYPE) && - rparams->defenctype == rparams->suppenctypes[i]) - flag = TRUE; - } - - if (flag == FALSE) { /* Default encryption type is not supported */ - st = EINVAL; - krb5_set_error_message(context, st, "Default enctype not in the supported list"); - goto cleanup; - } - ignore_duplicates(rparams->suppenctypes); - - if ((st=krb5_add_int_arr_mem_ldap_mod(&mods, "krbsupportedenctypes", - LDAP_MOD_REPLACE, rparams->suppenctypes)) != 0) - goto cleanup; - } - #ifdef HAVE_EDIRECTORY /* KDCSERVERS ATTRIBUTE */ 
@@ -1147,8 +1001,6 @@ krb5_ldap_create_realm(context, rparams, mask) ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) || - ((mask & LDAP_REALM_SUPPSALTTYPE) && rparams->suppsalttypes == NULL) || - ((mask & LDAP_REALM_SUPPENCTYPE) && rparams->suppenctypes == NULL) || #ifdef HAVE_EDIRECTORY ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) || ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) || @@ -1428,8 +1280,7 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask) LDAP_SEARCH(rlparams->realmdn, LDAP_SCOPE_BASE, "(objectclass=krbRealmContainer)", realm_attributes); - if ((st = ldap_count_entries(ld, result)) == 0) - { + if ((st = ldap_count_entries(ld, result)) <= 0) { /* This could happen when the DN used to bind and read the realm object * does not have sufficient rights to read its attributes */ 
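Review bot: In the krb5_ldap_read_realm_params hunk, `st` holds the return value of ldap_count_entries when the `<= 0` branch is entered, so it is 0 or a negative count rather than an error code. The branch body is outside the hunk; if it does not assign `st` before leaving, a zero-entry result would be returned as success and a failed count as a meaningless status. Keeping the count in its own variable, e.g. `nentries = ldap_count_entries(ld, result); if (nentries <= 0) {`, avoids reusing the status variable for a count.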
@@ -1504,49 +1355,6 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask) ldap_value_free(values); } - if ((values=ldap_get_values(ld, ent, "krbDefaultEncType")) != NULL) { - rlparams->defenctype = atoi(values[0]); - if (krb5_c_valid_enctype(rlparams->defenctype) == 0) - rlparams->defenctype = ENCTYPE_DES3_CBC_SHA1; - *mask |= LDAP_REALM_DEFENCTYPE; - ldap_value_free(values); - } - - if ((values=ldap_get_values(ld, ent, "krbDefaultSaltType")) != NULL) { - rlparams->defsalttype = atoi(values[0]); - if (!(rlparams->defsalttype>=0 && rlparams->defsalttype<6)) - rlparams->defsalttype = KRB5_KDB_SALTTYPE_NORMAL; - *mask |= LDAP_REALM_DEFSALTTYPE; - ldap_value_free(values); - } - if ((values=ldap_get_values(ld, ent, "krbSupportedEncTypes")) != NULL) { - count = ldap_count_values(values); - rlparams->suppenctypes = malloc (sizeof(krb5_int32) * (count + 1)); - if (rlparams->suppenctypes == NULL) { - st = ENOMEM; - goto cleanup; - } - for (i=0; isuppenctypes[i] = atoi(values[i]); - rlparams->suppenctypes[count] = -1; - *mask |= LDAP_REALM_SUPPENCTYPE; - ldap_value_free(values); - } - - if ((values=ldap_get_values(ld, ent, "krbSupportedSaltTypes")) != NULL) { - count = ldap_count_values(values); - rlparams->suppsalttypes = malloc (sizeof(krb5_int32) * (count + 1)); - if (rlparams->suppsalttypes == NULL) { - st = ENOMEM; - goto cleanup; - } - for (i=0; isuppsalttypes[i] = atoi(values[i]); - rlparams->suppsalttypes[count] = -1; - *mask |= LDAP_REALM_SUPPSALTTYPE; - ldap_value_free(values); - } - #ifdef HAVE_EDIRECTORY if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) { @@ -1659,12 +1467,6 @@ krb5_ldap_free_realm_params(rparams) krb5_xfree(rparams->subtree); } - if (rparams->suppenctypes) - krb5_xfree(rparams->suppenctypes); - - if (rparams->suppsalttypes) - krb5_xfree(rparams->suppsalttypes); - if (rparams->kdcservers) { for (i=0; rparams->kdcservers[i]; ++i) krb5_xfree(rparams->kdcservers[i]); 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h index 3879bf437..05c2b1432 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h @@ -34,20 +34,16 @@ /* realm specific mask */ #define LDAP_REALM_SUBTREE 0x0001 #define LDAP_REALM_SEARCHSCOPE 0x0002 -#define LDAP_REALM_DEFENCTYPE 0x0004 -#define LDAP_REALM_DEFSALTTYPE 0x0008 -#define LDAP_REALM_SUPPENCTYPE 0x0010 -#define LDAP_REALM_SUPPSALTTYPE 0x0020 -#define LDAP_REALM_POLICYREFERENCE 0x0040 -#define LDAP_REALM_UPENABLED 0x0080 -#define LDAP_REALM_LDAPSERVERS 0x0100 -#define LDAP_REALM_KDCSERVERS 0x0200 -#define LDAP_REALM_ADMINSERVERS 0x0400 -#define LDAP_REALM_PASSWDSERVERS 0x0800 -#define LDAP_REALM_MAXTICKETLIFE 0x1000 -#define LDAP_REALM_MAXRENEWLIFE 0x2000 -#define LDAP_REALM_KRBTICKETFLAGS 0x4000 -#define LDAP_REALM_CONTREF 0x8000 +#define LDAP_REALM_POLICYREFERENCE 0x0004 +#define LDAP_REALM_UPENABLED 0x0008 +#define LDAP_REALM_LDAPSERVERS 0x0010 +#define LDAP_REALM_KDCSERVERS 0x0020 +#define LDAP_REALM_ADMINSERVERS 0x0040 +#define LDAP_REALM_PASSWDSERVERS 0x0080 +#define LDAP_REALM_MAXTICKETLIFE 0x0100 +#define LDAP_REALM_MAXRENEWLIFE 0x0200 +#define LDAP_REALM_KRBTICKETFLAGS 0x0400 +#define LDAP_REALM_CONTREF 0x0800 extern char *policy_attributes[]; @@ -67,10 +63,6 @@ typedef struct _krb5_ldap_realm_params { krb5_int32 max_life; krb5_int32 max_renewable_life; krb5_int32 tktflags; - krb5_enctype defenctype; - krb5_int32 defsalttype; - krb5_enctype *suppenctypes; - krb5_int32 *suppsalttypes; char **kdcservers; char **adminservers; char **passwdservers; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c index e4a28a5ac..b32ba9186 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c 
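Review bot: Removing the four enctype/salttype flags also renumbers every remaining `LDAP_REALM_*` bit, so for example `LDAP_REALM_POLICYREFERENCE` moves from `0x0040` to `0x0004`, the value `LDAP_REALM_DEFENCTYPE` used to have. Any object built against the old header, or any mask passed between ldap_util and libkdb_ldap builds of different vintage, would silently select different realm attributes. Leaving the surviving flags at their old values and marking `0x0004` through `0x0020` as reserved in a comment would avoid that. If the renumbering is intentional, a comment saying these values are not a stable interface would help.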
@@ -151,10 +151,8 @@ static char *kdcrights_realmcontainer[][2]={ {"2#subtree#","#krbPrincContainerRef"}, {"2#subtree#","#krbSearchScope"}, {"2#subtree#","#krbLdapServers"}, - {"2#subtree#","#krbSupportedEncTypes"}, - {"2#subtree#","#krbSupportedSaltTypes"}, - {"2#subtree#","#krbDefaultEncType"}, - {"2#subtree#","#krbDefaultSaltType"}, + {"2#subtree#","#krbSupportedEncSaltTypes"}, + {"2#subtree#","#krbDefaultEncSaltTypes"}, {"2#subtree#","#krbKdcServers"}, {"2#subtree#","#krbPwdServers"}, {"2#subtree#","#krbTicketFlags"}, @@ -195,10 +193,8 @@ static char *adminrights_realmcontainer[][2]={ {"2#subtree#","#krbPrincContainerRef"}, {"2#subtree#","#krbSearchScope"}, {"2#subtree#","#krbLdapServers"}, - {"2#subtree#","#krbSupportedEncTypes"}, - {"2#subtree#","#krbSupportedSaltTypes"}, - {"2#subtree#","#krbDefaultEncType"}, - {"2#subtree#","#krbDefaultSaltType"}, + {"2#subtree#","#krbSupportedEncSaltTypes"}, + {"2#subtree#","#krbDefaultEncSaltTypes"}, {"2#subtree#","#krbKdcServers"}, {"2#subtree#","#krbPwdServers"}, {"6#subtree#","#krbTicketFlags"}, @@ -244,10 +240,8 @@ static char *pwdrights_realmcontainer[][2]={ {"2#subtree#","#krbPrincContainerRef"}, {"2#subtree#","#krbSearchScope"}, {"2#subtree#","#krbLdapServers"}, - {"2#subtree#","#krbSupportedEncTypes"}, - {"2#subtree#","#krbSupportedSaltTypes"}, - {"2#subtree#","#krbDefaultEncType"}, - {"2#subtree#","#krbDefaultSaltType"}, + {"2#subtree#","#krbSupportedEncSaltTypes"}, + {"2#subtree#","#krbDefaultEncSaltTypes"}, {"2#subtree#","#krbKdcServers"}, {"2#subtree#","#krbPwdServers"}, {"6#subtree#","#krbTicketFlags"}, -- 2.26.2