int
main()
{
krb5_db_entry *ent;
krb5_context context;
krb5_string_attr *strings;
char *val;
int count;
assert(krb5int_init_context_kdc(&context) == 0);
/* Start with an empty entry. */
ent = calloc(1, sizeof(*ent));
if (ent == NULL) {
fprintf(stderr, "Can't allocate memory for entry.\n");
return 1;
}
/* Check that the entry has no strings to start. */
assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
assert(strings == NULL && count == 0);
krb5_dbe_free_strings(context, strings, count);
/* Check that we get a null value querying a specific attribute. */
assert(krb5_dbe_get_string(context, ent, "foo", &val) == 0);
assert(val == NULL);
/* Set some attributes one at a time, including a deletion. */
assert(krb5_dbe_set_string(context, ent, "eggs", "dozen") == 0);
assert(krb5_dbe_set_string(context, ent, "price", "right") == 0);
assert(krb5_dbe_set_string(context, ent, "eggs", NULL) == 0);
assert(krb5_dbe_set_string(context, ent, "time", "flies") == 0);
/* Query each attribute. */
assert(krb5_dbe_get_string(context, ent, "price", &val) == 0);
assert(strcmp(val, "right") == 0);
krb5_dbe_free_string(context, val);
assert(krb5_dbe_get_string(context, ent, "time", &val) == 0);
assert(strcmp(val, "flies") == 0);
krb5_dbe_free_string(context, val);
assert(krb5_dbe_get_string(context, ent, "eggs", &val) == 0);
assert(val == NULL);
/* Query the list of attributes and verify it. */
assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0);
assert(count == 2);
assert(strcmp(strings[0].key, "price") == 0);
assert(strcmp(strings[0].value, "right") == 0);
assert(strcmp(strings[1].key, "time") == 0);
assert(strcmp(strings[1].value, "flies") == 0);
krb5_dbe_free_strings(context, strings, count);
krb5_db_free_principal(context, ent);
krb5_free_context(context);
return 0;
}
/* Get any auth indicator values from LDAP and update the "require_auth"
* string. */
static krb5_error_code
get_ldap_auth_ind(krb5_context context, LDAP *ld, LDAPMessage *ldap_ent,
krb5_db_entry *entry, unsigned int *mask)
{
krb5_error_code ret;
int i;
char **auth_inds = NULL;
struct k5buf buf = EMPTY_K5BUF;
auth_inds = ldap_get_values(ld, ldap_ent, "krbPrincipalAuthInd");
if (auth_inds == NULL)
return 0;
k5_buf_init_dynamic(&buf);
/* Make a space seperated list of indicators. */
for (i = 0; auth_inds[i] != NULL; i++) {
k5_buf_add(&buf, auth_inds[i]);
if (auth_inds[i + 1] != NULL)
k5_buf_add(&buf, " ");
}
ret = k5_buf_status(&buf);
if (ret)
goto cleanup;
ret = krb5_dbe_set_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH,
buf.data);
if (!ret)
*mask |= KDB_AUTH_IND_ATTR;
cleanup:
k5_buf_free(&buf);
ldap_value_free(auth_inds);
return ret;
}
