Exemple #1
0
int
main()
{
    krb5_db_entry *ent;
    krb5_context context;
    krb5_string_attr *strings;
    char *val;
    int count;

    assert(krb5int_init_context_kdc(&context) == 0);

    /* Start with an empty entry. */
    ent = calloc(1, sizeof(*ent));
    if (ent == NULL) {
        fprintf(stderr, "Can't allocate memory for entry.\n");
        return 1;
    }

    /* Check that the entry has no strings to start. */
    assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
    assert(strings == NULL && count == 0);
    krb5_dbe_free_strings(context, strings, count);

    /* Check that we get a null value querying a specific attribute. */
    assert(krb5_dbe_get_string(context, ent, "foo", &val) == 0);
    assert(val == NULL);

    /* Set some attributes one at a time, including a deletion. */
    assert(krb5_dbe_set_string(context, ent, "eggs", "dozen") == 0);
    assert(krb5_dbe_set_string(context, ent, "price", "right") == 0);
    assert(krb5_dbe_set_string(context, ent, "eggs", NULL) == 0);
    assert(krb5_dbe_set_string(context, ent, "time", "flies") == 0);

    /* Query each attribute. */
    assert(krb5_dbe_get_string(context, ent, "price", &val) == 0);
    assert(strcmp(val, "right") == 0);
    krb5_dbe_free_string(context, val);
    assert(krb5_dbe_get_string(context, ent, "time", &val) == 0);
    assert(strcmp(val, "flies") == 0);
    krb5_dbe_free_string(context, val);
    assert(krb5_dbe_get_string(context, ent, "eggs", &val) == 0);
    assert(val == NULL);

    /* Query the list of attributes and verify it. */
    assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
    assert(count == 2);
    assert(strcmp(strings[0].key, "price") == 0);
    assert(strcmp(strings[0].value, "right") == 0);
    assert(strcmp(strings[1].key, "time") == 0);
    assert(strcmp(strings[1].value, "flies") == 0);
    krb5_dbe_free_strings(context, strings, count);

    krb5_db_free_principal(context, ent);
    krb5_free_context(context);
    return 0;
}
Exemple #2
0
/* Get any auth indicator values from LDAP and update the "require_auth"
 * string. */
static krb5_error_code
get_ldap_auth_ind(krb5_context context, LDAP *ld, LDAPMessage *ldap_ent,
                  krb5_db_entry *entry, unsigned int *mask)
{
    krb5_error_code ret;
    int i;
    char **auth_inds = NULL;
    struct k5buf buf = EMPTY_K5BUF;

    auth_inds = ldap_get_values(ld, ldap_ent, "krbPrincipalAuthInd");
    if (auth_inds == NULL)
        return 0;

    k5_buf_init_dynamic(&buf);

    /* Make a space seperated list of indicators. */
    for (i = 0; auth_inds[i] != NULL; i++) {
        k5_buf_add(&buf, auth_inds[i]);
        if (auth_inds[i + 1] != NULL)
            k5_buf_add(&buf, " ");
    }

    ret = k5_buf_status(&buf);
    if (ret)
        goto cleanup;

    ret = krb5_dbe_set_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
                              buf.data);
    if (!ret)
        *mask |= KDB_AUTH_IND_ATTR;

cleanup:
    k5_buf_free(&buf);
    ldap_value_free(auth_inds);
    return ret;
}