521
#ifdef HAVE_EDIRECTORY
523
/* KDCSERVERS ATTRIBUTE */
524
if (mask & LDAP_REALM_KDCSERVERS) {
525
/* validate the server list */
526
for (i=0; rparams->kdcservers[i] != NULL; ++i) {
527
st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
529
CHECK_CLASS_VALIDITY(st, objectmask,
530
_("kdc service object value: "));
533
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
534
rparams->kdcservers)) != 0)
538
/* ADMINSERVERS ATTRIBUTE */
539
if (mask & LDAP_REALM_ADMINSERVERS) {
540
/* validate the server list */
541
for (i=0; rparams->adminservers[i] != NULL; ++i) {
542
st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
544
CHECK_CLASS_VALIDITY(st, objectmask,
545
_("admin service object value: "));
548
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
549
rparams->adminservers)) != 0)
553
/* PASSWDSERVERS ATTRIBUTE */
554
if (mask & LDAP_REALM_PASSWDSERVERS) {
555
/* validate the server list */
556
for (i=0; rparams->passwdservers[i] != NULL; ++i) {
557
st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
559
CHECK_CLASS_VALIDITY(st, objectmask,
560
_("password service object value: "));
563
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
564
rparams->passwdservers)) != 0)
569
* Read the old values of the krbkdcservers, krbadmservers and
570
* krbpwdservers. This information is later used to decided the
571
* deletions/additions to the list.
573
if (mask & LDAP_REALM_KDCSERVERS || mask & LDAP_REALM_ADMINSERVERS ||
574
mask & LDAP_REALM_PASSWDSERVERS) {
575
char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
577
if ((st= ldap_search_ext_s(ld,
587
&result)) != LDAP_SUCCESS) {
588
st = set_ldap_error (context, st, OP_SEARCH);
592
ent = ldap_first_entry(ld, result);
594
if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
595
count = ldap_count_values(values);
596
if ((st=copy_arrays(values, &oldkdcservers, count)) != 0)
598
ldap_value_free(values);
601
if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
602
count = ldap_count_values(values);
603
if ((st=copy_arrays(values, &oldadminservers, count)) != 0)
605
ldap_value_free(values);
608
if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
609
count = ldap_count_values(values);
610
if ((st=copy_arrays(values, &oldpasswdservers, count)) != 0)
612
ldap_value_free(values);
615
ldap_msgfree(result);
619
506
/* Realm modify opearation */
620
507
if (mods != NULL) {
621
508
if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
627
#ifdef HAVE_EDIRECTORY
628
/* krbRealmReferences attribute is updated here, depending on the additions/deletions
629
* to the 4 servers' list.
631
if (mask & LDAP_REALM_KDCSERVERS) {
632
char **newkdcservers=NULL;
634
count = ldap_count_values(rparams->kdcservers);
635
if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
638
/* find the deletions and additions to the server list */
639
if (oldkdcservers && newkdcservers)
640
disjoint_members(oldkdcservers, newkdcservers);
642
/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
644
for (i=0; oldkdcservers[i]; ++i)
645
if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
646
rparams->realmdn)) != 0) {
647
snprintf(errbuf, sizeof(errbuf),
648
_("Error removing 'krbRealmReferences' from "
649
"%s: "), oldkdcservers[i]);
650
prepend_err_str(context, errbuf, st, st);
654
/* add the krbRealmReferences attribute from the servers that are associated. */
656
for (i=0; newkdcservers[i]; ++i)
657
if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
658
rparams->realmdn)) != 0) {
659
snprintf(errbuf, sizeof(errbuf),
660
_("Error adding 'krbRealmReferences' to %s: "),
662
prepend_err_str(context, errbuf, st, st);
667
ldap_value_free(newkdcservers);
670
if (mask & LDAP_REALM_ADMINSERVERS) {
671
char **newadminservers=NULL;
673
count = ldap_count_values(rparams->adminservers);
674
if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
677
/* find the deletions and additions to the server list */
678
if (oldadminservers && newadminservers)
679
disjoint_members(oldadminservers, newadminservers);
681
/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
683
for (i=0; oldadminservers[i]; ++i)
684
if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
685
rparams->realmdn)) != 0) {
686
snprintf(errbuf, sizeof(errbuf),
687
_("Error removing 'krbRealmReferences' from "
688
"%s: "), oldadminservers[i]);
689
prepend_err_str(context, errbuf, st, st);
693
/* add the krbRealmReferences attribute from the servers that are associated. */
695
for (i=0; newadminservers[i]; ++i)
696
if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
697
rparams->realmdn)) != 0) {
698
snprintf(errbuf, sizeof(errbuf),
699
_("Error adding 'krbRealmReferences' to %s: "),
701
prepend_err_str(context, errbuf, st, st);
705
ldap_value_free(newadminservers);
708
if (mask & LDAP_REALM_PASSWDSERVERS) {
709
char **newpasswdservers=NULL;
711
count = ldap_count_values(rparams->passwdservers);
712
if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
715
/* find the deletions and additions to the server list */
716
if (oldpasswdservers && newpasswdservers)
717
disjoint_members(oldpasswdservers, newpasswdservers);
719
/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
720
if (oldpasswdservers)
721
for (i=0; oldpasswdservers[i]; ++i)
722
if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
723
rparams->realmdn)) != 0) {
724
snprintf(errbuf, sizeof(errbuf),
725
_("Error removing 'krbRealmReferences' from "
726
"%s: "), oldpasswdservers[i]);
727
prepend_err_str(context, errbuf, st, st);
731
/* add the krbRealmReferences attribute from the servers that are associated. */
732
if (newpasswdservers)
733
for (i=0; newpasswdservers[i]; ++i)
734
if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
735
rparams->realmdn)) != 0) {
736
snprintf(errbuf, sizeof(errbuf),
737
_("Error adding 'krbRealmReferences' to %s: "),
738
newpasswdservers[i]);
739
prepend_err_str(context, errbuf, st, st);
742
if (newpasswdservers)
743
ldap_value_free(newpasswdservers);
749
#ifdef HAVE_EDIRECTORY
751
for (i=0; oldkdcservers[i]; ++i)
752
free(oldkdcservers[i]);
756
if (oldadminservers) {
757
for (i=0; oldadminservers[i]; ++i)
758
free(oldadminservers[i]);
759
free(oldadminservers);
762
if (oldpasswdservers) {
763
for (i=0; oldpasswdservers[i]; ++i)
764
free(oldpasswdservers[i]);
765
free(oldpasswdservers);
769
516
ldap_mods_free(mods, 1);
770
517
krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
857
#ifdef HAVE_EDIRECTORY
859
/* free the mods array */
860
ldap_mods_free(mods, 1);
863
/* check whether the security container is bound to krbcontainerrefaux object class */
864
if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass",
865
krbContainerRefclass, &crmask)) != 0) {
866
prepend_err_str(context, _("Security Container read FAILED: "), st,
868
/* delete Kerberos Container, status ignored intentionally */
869
ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
874
/* Security Container is extended with krbcontainerrefaux object class */
875
strval[0] = "krbContainerRefAux";
876
if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
880
strval[0] = kerberoscontdn;
882
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbcontainerreference", LDAP_MOD_ADD, strval)) != 0)
885
/* update the security container with krbContainerReference attribute */
886
if ((st=ldap_modify_ext_s(ld, SECURITY_CONTAINER, mods, NULL, NULL)) != LDAP_SUCCESS) {
888
st = translate_ldap_error (st, OP_MOD);
889
krb5_set_error_message(context, st,
890
_("Security Container update FAILED: %s"),
891
ldap_err2string(ost));
892
/* delete Kerberos Container, status ignored intentionally */
893
ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
1099
#ifdef HAVE_EDIRECTORY
1101
/* KDCSERVERS ATTRIBUTE */
1102
if (mask & LDAP_REALM_KDCSERVERS) {
1103
/* validate the server list */
1104
for (i=0; rparams->kdcservers[i] != NULL; ++i) {
1105
st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
1107
CHECK_CLASS_VALIDITY(st, objectmask,
1108
_("kdc service object value: "));
1112
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_ADD,
1113
rparams->kdcservers)) != 0)
1117
/* ADMINSERVERS ATTRIBUTE */
1118
if (mask & LDAP_REALM_ADMINSERVERS) {
1119
/* validate the server list */
1120
for (i=0; rparams->adminservers[i] != NULL; ++i) {
1121
st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
1123
CHECK_CLASS_VALIDITY(st, objectmask,
1124
_("admin service object value: "));
1128
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_ADD,
1129
rparams->adminservers)) != 0)
1133
/* PASSWDSERVERS ATTRIBUTE */
1134
if (mask & LDAP_REALM_PASSWDSERVERS) {
1135
/* validate the server list */
1136
for (i=0; rparams->passwdservers[i] != NULL; ++i) {
1137
st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
1139
CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
1143
if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_ADD,
1144
rparams->passwdservers)) != 0)
1149
784
/* realm creation operation */
1150
785
if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
1151
786
st = set_ldap_error (context, st, OP_ADD);
1155
#ifdef HAVE_EDIRECTORY
1156
if (mask & LDAP_REALM_KDCSERVERS)
1157
for (i=0; rparams->kdcservers[i]; ++i)
1158
if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
1159
snprintf(errbuf, sizeof(errbuf),
1160
_("Error adding 'krbRealmReferences' to %s: "),
1161
rparams->kdcservers[i]);
1162
prepend_err_str (context, errbuf, st, st);
1163
/* delete Realm, status ignored intentionally */
1164
ldap_delete_ext_s(ld, dn, NULL, NULL);
1168
if (mask & LDAP_REALM_ADMINSERVERS)
1169
for (i=0; rparams->adminservers[i]; ++i)
1170
if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
1171
snprintf(errbuf, sizeof(errbuf),
1172
_("Error adding 'krbRealmReferences' to %s: "),
1173
rparams->adminservers[i]);
1174
prepend_err_str (context, errbuf, st, st);
1175
/* delete Realm, status ignored intentionally */
1176
ldap_delete_ext_s(ld, dn, NULL, NULL);
1180
if (mask & LDAP_REALM_PASSWDSERVERS)
1181
for (i=0; rparams->passwdservers[i]; ++i)
1182
if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
1183
snprintf(errbuf, sizeof(errbuf),
1184
_("Error adding 'krbRealmReferences' to %s: "),
1185
rparams->passwdservers[i]);
1186
prepend_err_str (context, errbuf, st, st);
1187
/* delete Realm, status ignored intentionally */
1188
ldap_delete_ext_s(ld, dn, NULL, NULL);