Exemplo n.º 1
/*
 * Retrieve the link DN list recorded in the KDB_TL_USER_INFO tl_data of
 * entry.
 *
 * *link_dn is reset to NULL before anything else, so it stays NULL whenever
 * the lookup fails, the tl_data is empty, or decoding does not succeed.
 * On a successful decode the pointer produced by decode_tl_data() is handed
 * to the caller as-is.
 * NOTE(review): the result is presumably heap-allocated and owned by the
 * caller afterwards -- confirm against decode_tl_data().
 *
 * Returns the error from krb5_dbe_lookup_tl_data() if the lookup fails and
 * 0 otherwise.  A decode failure is not reported: the function still
 * returns 0, so callers must test *link_dn for NULL rather than rely on the
 * return code alone.
 */
krb5_error_code
krb5_get_linkdn(krb5_context context, krb5_db_entry *entry, char ***link_dn)
{
    krb5_tl_data user_info;
    krb5_error_code code;
    void *decoded;

    *link_dn = NULL;

    user_info.tl_data_type = KDB_TL_USER_INFO;
    code = krb5_dbe_lookup_tl_data(context, entry, &user_info);
    if (code != 0)
        return code;

    /* Nothing stored for this entry: not an error, just no links. */
    if (user_info.tl_data_length == 0)
        return 0;

    /* decoded is only meaningful when decode_tl_data() reports success. */
    if (decode_tl_data(&user_info, KDB_TL_LINKDN, &decoded) != 0)
        return 0;

    *link_dn = decoded;
    return 0;
}
Exemplo n.º 2
/*
 * Read a string attribute out of the KDB_TL_USER_INFO tl_data of entry.
 *
 * Only KDB_TL_USERDN is accepted as type; any other value yields EINVAL.
 *
 * *strval is written only when decode_tl_data() succeeds.  On every other
 * path that returns 0 (empty tl_data, decode failure) it is left exactly as
 * the caller passed it in, so the caller has to initialise *strval (e.g. to
 * NULL) before the call; otherwise a later use or free of the pointer would
 * act on an indeterminate value.
 *
 * Returns EINVAL for an unsupported type, the error from
 * krb5_dbe_lookup_tl_data() if the lookup fails, and 0 otherwise.
 */
static krb5_error_code
get_str_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
                     char **strval)
{
    krb5_tl_data user_info;
    krb5_error_code code;
    void *decoded;

    if (type != KDB_TL_USERDN)
        return EINVAL;

    user_info.tl_data_type = KDB_TL_USER_INFO;
    code = krb5_dbe_lookup_tl_data(context, entry, &user_info);
    if (code != 0)
        return code;

    /* No user-info data stored: succeed without touching *strval. */
    if (user_info.tl_data_length == 0)
        return 0;

    /* A decode failure is swallowed; *strval keeps the caller's value. */
    if (decode_tl_data(&user_info, type, &decoded) != 0)
        return 0;

    *strval = decoded;
    return 0;
}
Exemplo n.º 3
/*
 * wrapper routines for decode_tl_data
 */
/*
 * Read an integer attribute of the given type out of the KDB_TL_USER_INFO
 * tl_data of entry.
 *
 * On a successful decode the integer is copied into *intval and the buffer
 * returned by decode_tl_data() is freed here, so nothing is handed to the
 * caller that needs releasing.
 *
 * *intval is written only when decode_tl_data() succeeds.  When the tl_data
 * is empty or decoding fails the function still returns 0 and *intval keeps
 * whatever the caller put there, so the caller must preset it to a sensible
 * default before the call.
 *
 * NOTE(review): type is not validated here; this assumes decode_tl_data()
 * yields a pointer to an int for every type passed in -- confirm against the
 * callers.
 *
 * Returns the error from krb5_dbe_lookup_tl_data() if the lookup fails and
 * 0 otherwise.
 */
static krb5_error_code
get_int_from_tl_data(krb5_context context, krb5_db_entry *entry, int type,
                     int *intval)
{
    krb5_tl_data user_info;
    krb5_error_code code;
    void *decoded;
    int *value;

    user_info.tl_data_type = KDB_TL_USER_INFO;
    code = krb5_dbe_lookup_tl_data(context, entry, &user_info);
    if (code != 0)
        return code;

    /* No user-info data stored: succeed without touching *intval. */
    if (user_info.tl_data_length == 0)
        return 0;

    /* A decode failure is swallowed; *intval keeps the caller's value. */
    if (decode_tl_data(&user_info, type, &decoded) != 0)
        return 0;

    value = decoded;
    *intval = *value;
    free(value);
    return 0;
}
Exemplo n.º 4
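/*
 * Apply the realm attributes selected by mask from rparams to the realm
 * object at rparams->realmdn in the directory.
 *
 * mask is a bit set of LDAP_REALM_* flags; each set flag adds one
 * LDAP_MOD_REPLACE modification built from the matching rparams field.  All
 * modifications are sent in a single ldap_modify_ext_s() call.  A mask of 0
 * is a no-op that returns 0.
 *
 * Subtree and container-reference values are checked with
 * checkattributevalue() against subtreeclass before they are written.
 *
 * Returns 0 on success, EINVAL for missing or inconsistent arguments
 * (including rparams->tl_data lacking a decodable KDB_TL_MASK item), or the
 * error produced by the helper that failed.
 *
 * NOTE(review): SETUP_CONTEXT, GET_HANDLE and CHECK_CLASS_VALIDITY are macros
 * defined elsewhere.  They appear to fill in dal_handle/ldap_context, to
 * check out ldap_server_handle and set ld, and to leave through cleanup on a
 * failed class check -- confirm against their definitions.
 * NOTE(review): rparams->realmdn is passed to ldap_modify_ext_s() without a
 * NULL check -- confirm callers always set it.
 */
krb5_error_code
krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
                       int mask)
{
    LDAP                  *ld=NULL;
    krb5_error_code       st=0;
    char                  **strval=NULL, *strvalprc[5]={NULL};
    LDAPMod               **mods = NULL;
    int                   oldmask=0, objectmask=0,k=0;
    kdb5_dal_handle       *dal_handle=NULL;
    krb5_ldap_context     *ldap_context=NULL;
    krb5_ldap_server_handle *ldap_server_handle=NULL;

    if (mask == 0)
        return 0;

    if (rparams == NULL) {
        st = EINVAL;
        return st;
    }

    SETUP_CONTEXT ();

    /* Check validity of arguments */
    if (ldap_context->krbcontainer == NULL ||
        rparams->tl_data == NULL ||
        rparams->tl_data->tl_data_contents == NULL ||
        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL)) {
        st = EINVAL;
        goto cleanup;
    }

    /* get ldap handle */
    GET_HANDLE ();

    /*
     * Get the oldmask obtained from krb5_ldap_read_realm_params.  The value
     * is not read again in this function; the decode mainly confirms that
     * the mask item is present in rparams->tl_data.
     */
    {
        void *voidptr=NULL;

        if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
            oldmask = *((int *) voidptr);
            free (voidptr);
        } else {
            st = EINVAL;
            krb5_set_error_message(context, st, _("tl_data not available"));
            /*
             * Leave through cleanup rather than returning directly: the
             * server handle has already been requested above and must be
             * handed back to the pool, otherwise every failed call keeps
             * one handle checked out.
             */
            goto cleanup;
        }
    }


    /* SUBTREE ATTRIBUTE */
    if (mask & LDAP_REALM_SUBTREE) {
        if ( rparams->subtree!=NULL)  {
            /* Validate every non-empty subtree DN, then replace the stored
             * list with the supplied one. */
            for(k=0;k<rparams->subtreecount && rparams->subtree[k]!=NULL;k++) {
                if (strlen(rparams->subtree[k]) != 0) {
                    st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
                                             &objectmask);
                    CHECK_CLASS_VALIDITY(st, objectmask, _("subtree value: "));
                }
            }
            strval = rparams->subtree;
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
                                              strval)) != 0) {
                goto cleanup;
            }
        }
    }

    /* CONTAINERREF ATTRIBUTE */
    if (mask & LDAP_REALM_CONTREF) {
        /* An empty container reference is skipped, not written. */
        if (strlen(rparams->containerref) != 0 ) {
            st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
                                     &objectmask);
            CHECK_CLASS_VALIDITY(st, objectmask,
                                 _("container reference value: "));
            strvalprc[0] = rparams->containerref;
            strvalprc[1] = NULL;
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_REPLACE,
                                              strvalprc)) != 0)
                goto cleanup;
        }
    }

    /* SEARCHSCOPE ATTRIBUTE */
    if (mask & LDAP_REALM_SEARCHSCOPE) {
        /* Any scope other than one-level or subtree is stored as subtree. */
        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
            goto cleanup;
    }

    /* krbMaxRenewableAge ATTRIBUTE */
    if (mask & LDAP_REALM_MAXRENEWLIFE) {

        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
                                          rparams->max_renewable_life)) != 0)
            goto cleanup;
    }

    /* krbMaxTicketLife ATTRIBUTE */

    if (mask & LDAP_REALM_MAXTICKETLIFE) {

        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
                                          rparams->max_life)) != 0)
            goto cleanup;
    }

    /* krbTicketFlags ATTRIBUTE */

    if (mask & LDAP_REALM_KRBTICKETFLAGS) {

        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
                                          rparams->tktflags)) != 0)
            goto cleanup;
    }


    /* Realm modify operation */
    if (mods != NULL) {
        if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
            /* Translate the LDAP result code into a krb5 error. */
            st = set_ldap_error (context, st, OP_MOD);
            goto cleanup;
        }
    }

cleanup:

    /* Both calls are also reached with mods == NULL and with no handle
     * checked out (argument validation failure above). */
    ldap_mods_free(mods, 1);
    krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
    return st;
}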