int main() { krb5_db_entry *ent; krb5_context context; krb5_string_attr *strings; char *val; int count; assert(krb5int_init_context_kdc(&context) == 0); /* Start with an empty entry. */ ent = calloc(1, sizeof(*ent)); if (ent == NULL) { fprintf(stderr, "Can't allocate memory for entry.\n"); return 1; } /* Check that the entry has no strings to start. */ assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0); assert(strings == NULL && count == 0); krb5_dbe_free_strings(context, strings, count); /* Check that we get a null value querying a specific attribute. */ assert(krb5_dbe_get_string(context, ent, "foo", &val) == 0); assert(val == NULL); /* Set some attributes one at a time, including a deletion. */ assert(krb5_dbe_set_string(context, ent, "eggs", "dozen") == 0); assert(krb5_dbe_set_string(context, ent, "price", "right") == 0); assert(krb5_dbe_set_string(context, ent, "eggs", NULL) == 0); assert(krb5_dbe_set_string(context, ent, "time", "flies") == 0); /* Query each attribute. */ assert(krb5_dbe_get_string(context, ent, "price", &val) == 0); assert(strcmp(val, "right") == 0); krb5_dbe_free_string(context, val); assert(krb5_dbe_get_string(context, ent, "time", &val) == 0); assert(strcmp(val, "flies") == 0); krb5_dbe_free_string(context, val); assert(krb5_dbe_get_string(context, ent, "eggs", &val) == 0); assert(val == NULL); /* Query the list of attributes and verify it. */ assert(krb5_dbe_get_strings(context, ent, &strings, &count) == 0); assert(count == 2); assert(strcmp(strings[0].key, "price") == 0); assert(strcmp(strings[0].value, "right") == 0); assert(strcmp(strings[1].key, "time") == 0); assert(strcmp(strings[1].value, "flies") == 0); krb5_dbe_free_strings(context, strings, count); krb5_db_free_principal(context, ent); krb5_free_context(context); return 0; }
/* Get any auth indicator values from LDAP and update the "require_auth" * string. */ static krb5_error_code get_ldap_auth_ind(krb5_context context, LDAP *ld, LDAPMessage *ldap_ent, krb5_db_entry *entry, unsigned int *mask) { krb5_error_code ret; int i; char **auth_inds = NULL; struct k5buf buf = EMPTY_K5BUF; auth_inds = ldap_get_values(ld, ldap_ent, "krbPrincipalAuthInd"); if (auth_inds == NULL) return 0; k5_buf_init_dynamic(&buf); /* Make a space seperated list of indicators. */ for (i = 0; auth_inds[i] != NULL; i++) { k5_buf_add(&buf, auth_inds[i]); if (auth_inds[i + 1] != NULL) k5_buf_add(&buf, " "); } ret = k5_buf_status(&buf); if (ret) goto cleanup; ret = krb5_dbe_set_string(context, entry, KRB5_KDB_SK_REQUIRE_AUTH, buf.data); if (!ret) *mask |= KDB_AUTH_IND_ATTR; cleanup: k5_buf_free(&buf); ldap_value_free(auth_inds); return ret; }