/*
 * Begin an iteration over every principal stored in the LDAP backend.
 *
 * Starts an asynchronous subtree search below HDB2BASE(db) for objects
 * that are either krb5Principal or sambaSamAccount, stores the message
 * id in the HDB so LDAP_seq() can collect the results, and returns the
 * first entry via LDAP_seq().
 *
 * Returns 0 with *entry filled in by LDAP_seq(); the error from
 * LDAP__connect() or LDAP_no_size_limit() if the connection could not be
 * prepared; or HDB_ERR_NOENTRY if ldap_search() refused the request.
 * (No krb5 error string is set on the last path - callers only see
 * "no entry", which is what the original code did as well.)
 */
static krb5_error_code
LDAP_firstkey(krb5_context context, HDB *db, unsigned flags,
	      hdb_entry *entry)
{
    static const char all_principals_filter[] =
	"(|(objectClass=krb5Principal)(objectClass=sambaSamAccount))";
    krb5_error_code ret;
    int search_id;

    if ((ret = LDAP__connect(context, db)) != 0)
	return ret;

    if ((ret = LDAP_no_size_limit(context, HDB2LDAP(db))) != 0)
	return ret;

    search_id = ldap_search(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE,
			    all_principals_filter, krb5kdcentry_attrs, 0);
    if (search_id < 0)
	return HDB_ERR_NOENTRY;

    /* LDAP_seq() reads the id back out of the HDB to fetch results. */
    HDBSETMSGID(db, search_id);

    return LDAP_seq(context, db, flags, entry);
}
/*
 * Tear down an LDAP-backed HDB handle.
 *
 * Closes the LDAP connection, clears the cached master key, then releases
 * the base DN, the create DN, the database name, the backend-private
 * block and finally the HDB structure itself.  The frees are
 * unconditional because free(NULL) is a no-op; the order is kept as in the
 * original since HDB2BASE()/HDB2CREATE() are presumably reached through
 * db->hdb_db.
 *
 * Returns whatever hdb_clear_master_key() reported; the frees themselves
 * cannot fail.
 */
static krb5_error_code
LDAP_destroy(krb5_context context, HDB * db)
{
    krb5_error_code ret;

    LDAP_close(context, db);
    ret = hdb_clear_master_key(context, db);

    free(HDB2BASE(db));
    free(HDB2CREATE(db));
    free(db->hdb_name);
    free(db->hdb_db);
    free(db);

    return ret;
}
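/*
 * Look a principal up in the LDAP backend.
 *
 * Searches below HDB2BASE(db) for a krb5Principal whose krb5PrincipalName
 * equals princname.  If that yields no entries and userid is non-NULL,
 * falls back to a sambaSamAccount / structural_object entry whose uid
 * equals userid.  On success *msg holds the search result and the caller
 * owns it (release with ldap_msgfree()).  On failure *msg is NULL.
 *
 * princname and userid originate from the client's request, so they are
 * escaped with ldap_bv2escaped_filter_value() before being spliced into
 * the filter.  Without that, an unescaped '*', '(', ')' or '\' changes
 * the meaning of the filter (LDAP filter injection) and a name such as
 * "*@REALM" forces a very expensive wildcard search against the
 * directory.
 *
 * Returns 0 on success, ENOMEM on allocation failure, the error from
 * LDAP__connect() / LDAP_no_size_limit(), or HDB_ERR_NOENTRY when the
 * search itself was rejected by the server.
 */
static krb5_error_code
LDAP__lookup_princ(krb5_context context,
		   HDB *db,
		   const char *princname,
		   const char *userid,
		   LDAPMessage **msg)
{
    struct berval namebv, quotedp;
    krb5_error_code ret;
    int rc;
    char *filter = NULL;

    *msg = NULL;

    ret = LDAP__connect(context, db);
    if (ret)
	return ret;

    /* Escape RFC 4515 filter metacharacters in the principal name. */
    ber_str2bv(princname, 0, 0, &namebv);
    if (ldap_bv2escaped_filter_value(&namebv, &quotedp) != 0) {
	krb5_set_error_string(context, "malloc: out of memory");
	ret = ENOMEM;
	goto out;
    }
    rc = asprintf(&filter,
		  "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
		  quotedp.bv_val);
    ber_memfree(quotedp.bv_val);
    if (rc < 0) {
	/* glibc documents *strp as undefined on failure; never free it. */
	filter = NULL;
	krb5_set_error_string(context, "asprintf: out of memory");
	ret = ENOMEM;
	goto out;
    }

    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
    if (ret)
	goto out;

    rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE, filter,
		       krb5kdcentry_attrs, 0, msg);
    if (check_ldap(context, db, rc)) {
	krb5_set_error_string(context, "ldap_search_s: %s",
			      ldap_err2string(rc));
	ret = HDB_ERR_NOENTRY;
	goto out;
    }

    if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
	free(filter);
	filter = NULL;
	ldap_msgfree(*msg);
	*msg = NULL;

	/* Same escaping for the uid used by the fallback search. */
	ber_str2bv(userid, 0, 0, &namebv);
	if (ldap_bv2escaped_filter_value(&namebv, &quotedp) != 0) {
	    krb5_set_error_string(context, "malloc: out of memory");
	    ret = ENOMEM;
	    goto out;
	}
	rc = asprintf(&filter,
	    "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
		      structural_object, quotedp.bv_val);
	ber_memfree(quotedp.bv_val);
	if (rc < 0) {
	    filter = NULL;
	    krb5_set_error_string(context, "asprintf: out of memory");
	    ret = ENOMEM;
	    goto out;
	}

	ret = LDAP_no_size_limit(context, HDB2LDAP(db));
	if (ret)
	    goto out;

	rc = ldap_search_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE,
			   filter, krb5kdcentry_attrs, 0, msg);
	if (check_ldap(context, db, rc)) {
	    krb5_set_error_string(context, "ldap_search_s: %s",
				  ldap_err2string(rc));
	    ret = HDB_ERR_NOENTRY;
	    goto out;
	}
    }

    ret = 0;

  out:
    if (ret != 0 && *msg != NULL) {
	/*
	 * ldap_search_s may hand back a (partial) result together with an
	 * error; don't leak it and don't let the caller see a result
	 * paired with a failure.
	 */
	ldap_msgfree(*msg);
	*msg = NULL;
    }
    free(filter);

    return ret;
}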
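/*
 * Look a principal up in the LDAP backend.
 *
 * Searches below HDB2BASE(db) for a krb5Principal whose krb5PrincipalName
 * equals princname.  If that yields no entries and userid is non-NULL,
 * falls back to a sambaSamAccount / structural_object entry whose uid
 * equals userid.  On success *msg holds the search result and the caller
 * owns it (release with ldap_msgfree()).  On failure *msg is NULL.
 *
 * princname and userid originate from the client's request and are
 * escaped with ldap_bv2escaped_filter_value() before being spliced into
 * the filter, so that '*', '(', ')' and '\' cannot alter the filter or
 * turn the lookup into an expensive wildcard search ("*@REALM").
 * structural_object is configuration, not client input, and is used
 * as-is.
 *
 * Returns 0 on success, ENOMEM on allocation failure, the error from
 * LDAP__connect() / LDAP_no_size_limit(), or HDB_ERR_NOENTRY when the
 * search was rejected by the server (the filter and the LDAP error are
 * recorded in the krb5 error message).
 */
static krb5_error_code
LDAP__lookup_princ(krb5_context context,
		   HDB *db,
		   const char *princname,
		   const char *userid,
		   LDAPMessage **msg)
{
    struct berval namebv, quotedp;
    krb5_error_code ret;
    int rc;
    char *filter = NULL;

    *msg = NULL;

    ret = LDAP__connect(context, db);
    if (ret)
	return ret;

    /*
     * Quote searches that contain filter language, this quote
     * searches for *@REALM, which takes very long time.
     */

    ber_str2bv(princname, 0, 0, &namebv);
    if (ldap_bv2escaped_filter_value(&namebv, &quotedp) != 0) {
	ret = ENOMEM;
	krb5_set_error_message(context, ret, "malloc: out of memory");
	goto out;
    }
    rc = asprintf(&filter,
		  "(&(objectClass=krb5Principal)(krb5PrincipalName=%s))",
		  quotedp.bv_val);
    ber_memfree(quotedp.bv_val);

    if (rc < 0) {
	/* glibc documents *strp as undefined on failure; never free it. */
	filter = NULL;
	ret = ENOMEM;
	krb5_set_error_message(context, ret, "malloc: out of memory");
	goto out;
    }

    ret = LDAP_no_size_limit(context, HDB2LDAP(db));
    if (ret)
	goto out;

    rc = ldap_search_ext_s(HDB2LDAP(db), HDB2BASE(db),
			   LDAP_SCOPE_SUBTREE, filter,
			   krb5kdcentry_attrs, 0,
			   NULL, NULL, NULL,
			   0, msg);
    if (check_ldap(context, db, rc)) {
	ret = HDB_ERR_NOENTRY;
	krb5_set_error_message(context, ret, "ldap_search_ext_s: "
			      "filter: %s - error: %s",
			      filter, ldap_err2string(rc));
	goto out;
    }

    if (userid && ldap_count_entries(HDB2LDAP(db), *msg) == 0) {
	free(filter);
	filter = NULL;
	ldap_msgfree(*msg);
	*msg = NULL;

	/* Same escaping for the uid used by the fallback search. */
	ber_str2bv(userid, 0, 0, &namebv);
	if (ldap_bv2escaped_filter_value(&namebv, &quotedp) != 0) {
	    ret = ENOMEM;
	    krb5_set_error_message(context, ret, "malloc: out of memory");
	    goto out;
	}

	rc = asprintf(&filter,
	    "(&(|(objectClass=sambaSamAccount)(objectClass=%s))(uid=%s))",
		      structural_object, quotedp.bv_val);
	ber_memfree(quotedp.bv_val);
	if (rc < 0) {
	    filter = NULL;
	    ret = ENOMEM;
	    krb5_set_error_message(context, ret, "asprintf: out of memory");
	    goto out;
	}

	ret = LDAP_no_size_limit(context, HDB2LDAP(db));
	if (ret)
	    goto out;

	rc = ldap_search_ext_s(HDB2LDAP(db), HDB2BASE(db), LDAP_SCOPE_SUBTREE,
			       filter, krb5kdcentry_attrs, 0,
			       NULL, NULL, NULL,
			       0, msg);
	if (check_ldap(context, db, rc)) {
	    ret = HDB_ERR_NOENTRY;
	    krb5_set_error_message(context, ret,
				   "ldap_search_ext_s: filter: %s error: %s",
				   filter, ldap_err2string(rc));
	    goto out;
	}
    }

    ret = 0;

  out:
    if (ret != 0 && *msg != NULL) {
	/*
	 * ldap_search_ext_s may hand back a (partial) result together with
	 * an error; don't leak it and don't let the caller see a result
	 * paired with a failure.
	 */
	ldap_msgfree(*msg);
	*msg = NULL;
    }
    free(filter);

    return ret;
}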