← Back to branch summary

~ubuntu-branches/ubuntu/precise/krb5/precise-updates

« back to all changes in this revision

Viewing changes to src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c

  • Committer: Package Import Robot
  • Author(s): Sam Hartman
  • Date: 2011-12-01 19:34:41 UTC
  • mfrom: (28.1.14 sid)
  • Revision ID: package-import@ubuntu.com-20111201193441-9tipg3aru1jsidyv
Tags: 1.10+dfsg~alpha1-6
http://bugs.debian.org/650671
http://bugs.debian.org/650603
http://bugs.debian.org/650611
* Fix segfault with unknown hostnames in krb5_sname_to_principal,
  Closes: #650671
* Indicate that this library breaks libsmbclient versions that depend on
  krb5_locate_kdc, Closes: #650603, #650611

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
1
1
/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
2
/* plugins/kdb/ldap/libkdb_ldap/ldap_realm.c */
2
3
/*
3
 
 * lib/kdb/kdb_ldap/ldap_realm.c
4
 
 *
5
4
 * Copyright (c) 2004-2005, Novell, Inc.
6
5
 * All rights reserved.
7
6
 *
268
267
 
269
268
    if (lrealm == NULL) {
270
269
        st = EINVAL;
271
 
        krb5_set_error_message (context, st, "Realm information not available");
 
270
        krb5_set_error_message(context, st,
 
271
                               _("Realm information not available"));
272
272
        goto cleanup;
273
273
    }
274
274
 
340
340
    /* Delete all ticket policies */
341
341
    {
342
342
        if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
343
 
            prepend_err_str (context, "Error reading ticket policy: ", st, st);
 
343
            prepend_err_str(context, _("Error reading ticket policy: "), st,
 
344
                            st);
344
345
            goto cleanup;
345
346
        }
346
347
 
352
353
    if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) {
353
354
        int ost = st;
354
355
        st = translate_ldap_error (st, OP_DEL);
355
 
        krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
356
 
                                ldap_err2string(ost));
 
356
        krb5_set_error_message(context, st, _("Realm Delete FAILED: %s"),
 
357
                               ldap_err2string(ost));
357
358
    }
358
359
 
359
360
cleanup:
442
443
            free (voidptr);
443
444
        } else {
444
445
            st = EINVAL;
445
 
            krb5_set_error_message (context, st, "tl_data not available");
 
446
            krb5_set_error_message(context, st, _("tl_data not available"));
446
447
            return st;
447
448
        }
448
449
    }
456
457
                if (strlen(rparams->subtree[k]) != 0) {
457
458
                    st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
458
459
                                             &objectmask);
459
 
                    CHECK_CLASS_VALIDITY(st, objectmask, "subtree value: ");
 
460
                    CHECK_CLASS_VALIDITY(st, objectmask, _("subtree value: "));
460
461
                }
461
462
            }
462
463
            strval = rparams->subtree;
472
473
        if (strlen(rparams->containerref) != 0 ) {
473
474
            st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
474
475
                                     &objectmask);
475
 
            CHECK_CLASS_VALIDITY(st, objectmask, "container reference value: ");
 
476
            CHECK_CLASS_VALIDITY(st, objectmask,
 
477
                                 _("container reference value: "));
476
478
            strvalprc[0] = rparams->containerref;
477
479
            strvalprc[1] = NULL;
478
480
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_REPLACE,
524
526
        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
525
527
            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
526
528
                                     &objectmask);
527
 
            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
 
529
            CHECK_CLASS_VALIDITY(st, objectmask,
 
530
                                 _("kdc service object value: "));
528
531
        }
529
532
 
530
533
        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
538
541
        for (i=0; rparams->adminservers[i] != NULL; ++i) {
539
542
            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
540
543
                                     &objectmask);
541
 
            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
 
544
            CHECK_CLASS_VALIDITY(st, objectmask,
 
545
                                 _("admin service object value: "));
542
546
        }
543
547
 
544
548
        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
552
556
        for (i=0; rparams->passwdservers[i] != NULL; ++i) {
553
557
            st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
554
558
                                     &objectmask);
555
 
            CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
 
559
            CHECK_CLASS_VALIDITY(st, objectmask,
 
560
                                 _("password service object value: "));
556
561
        }
557
562
 
558
563
        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
639
644
            for (i=0; oldkdcservers[i]; ++i)
640
645
                if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
641
646
                                        rparams->realmdn)) != 0) {
642
 
                    snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
643
 
                              oldkdcservers[i]);
644
 
                    prepend_err_str (context, errbuf, st, st);
 
647
                    snprintf(errbuf, sizeof(errbuf),
 
648
                             _("Error removing 'krbRealmReferences' from "
 
649
                               "%s: "), oldkdcservers[i]);
 
650
                    prepend_err_str(context, errbuf, st, st);
645
651
                    goto cleanup;
646
652
                }
647
653
 
650
656
            for (i=0; newkdcservers[i]; ++i)
651
657
                if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
652
658
                                        rparams->realmdn)) != 0) {
653
 
                    snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
654
 
                              newkdcservers[i]);
655
 
                    prepend_err_str (context, errbuf, st, st);
 
659
                    snprintf(errbuf, sizeof(errbuf),
 
660
                             _("Error adding 'krbRealmReferences' to %s: "),
 
661
                             newkdcservers[i]);
 
662
                    prepend_err_str(context, errbuf, st, st);
656
663
                    goto cleanup;
657
664
                }
658
665
 
676
683
            for (i=0; oldadminservers[i]; ++i)
677
684
                if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
678
685
                                        rparams->realmdn)) != 0) {
679
 
                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
680
 
                             "%s: ", oldadminservers[i]);
681
 
                    prepend_err_str (context, errbuf, st, st);
 
686
                    snprintf(errbuf, sizeof(errbuf),
 
687
                             _("Error removing 'krbRealmReferences' from "
 
688
                               "%s: "), oldadminservers[i]);
 
689
                    prepend_err_str(context, errbuf, st, st);
682
690
                    goto cleanup;
683
691
                }
684
692
 
687
695
            for (i=0; newadminservers[i]; ++i)
688
696
                if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
689
697
                                        rparams->realmdn)) != 0) {
690
 
                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
 
698
                    snprintf(errbuf, sizeof(errbuf),
 
699
                             _("Error adding 'krbRealmReferences' to %s: "),
691
700
                             newadminservers[i]);
692
 
                    prepend_err_str (context, errbuf, st, st);
 
701
                    prepend_err_str(context, errbuf, st, st);
693
702
                    goto cleanup;
694
703
                }
695
704
        if (newadminservers)
712
721
            for (i=0; oldpasswdservers[i]; ++i)
713
722
                if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
714
723
                                        rparams->realmdn)) != 0) {
715
 
                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
716
 
                             "%s: ", oldpasswdservers[i]);
717
 
                    prepend_err_str (context, errbuf, st, st);
 
724
                    snprintf(errbuf, sizeof(errbuf),
 
725
                             _("Error removing 'krbRealmReferences' from "
 
726
                               "%s: "), oldpasswdservers[i]);
 
727
                    prepend_err_str(context, errbuf, st, st);
718
728
                    goto cleanup;
719
729
                }
720
730
 
723
733
            for (i=0; newpasswdservers[i]; ++i)
724
734
                if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
725
735
                                        rparams->realmdn)) != 0) {
726
 
                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
 
736
                    snprintf(errbuf, sizeof(errbuf),
 
737
                             _("Error adding 'krbRealmReferences' to %s: "),
727
738
                             newpasswdservers[i]);
728
 
                    prepend_err_str (context, errbuf, st, st);
 
739
                    prepend_err_str(context, errbuf, st, st);
729
740
                    goto cleanup;
730
741
                }
731
742
        if (newpasswdservers)
796
807
        kerberoscontdn = KERBEROS_CONTAINER;
797
808
#else
798
809
        st = EINVAL;
799
 
        krb5_set_error_message (context, st, "Kerberos Container information is missing");
 
810
        krb5_set_error_message(context, st,
 
811
                               _("Kerberos Container information is missing"));
800
812
        goto cleanup;
801
813
#endif
802
814
    }
809
821
    rdns = ldap_explode_dn(kerberoscontdn, 1);
810
822
    if (rdns == NULL) {
811
823
        st = EINVAL;
812
 
        krb5_set_error_message(context, st, "Invalid Kerberos container DN");
 
824
        krb5_set_error_message(context, st,
 
825
                               _("Invalid Kerberos container DN"));
813
826
        goto cleanup;
814
827
    }
815
828
 
822
835
    if (krbcontparams && krbcontparams->policyreference) {
823
836
        st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
824
837
                                 &pmask);
825
 
        CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
 
838
        CHECK_CLASS_VALIDITY(st, pmask, _("ticket policy object value: "));
826
839
 
827
840
        strval[0] = krbcontparams->policyreference;
828
841
        strval[1] = NULL;
835
848
    if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
836
849
        int ost = st;
837
850
        st = translate_ldap_error (st, OP_ADD);
838
 
        krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
 
851
        krb5_set_error_message(context, st,
 
852
                               _("Kerberos Container create FAILED: %s"),
 
853
                               ldap_err2string(ost));
839
854
        goto cleanup;
840
855
    }
841
856
 
848
863
    /* check whether the security container is bound to krbcontainerrefaux object class */
849
864
    if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass",
850
865
                                krbContainerRefclass, &crmask)) != 0) {
851
 
        prepend_err_str (context, "Security Container read FAILED: ", st, st);
 
866
        prepend_err_str(context, _("Security Container read FAILED: "), st,
 
867
                        st);
852
868
        /* delete Kerberos Container, status ignored intentionally */
853
869
        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
854
870
        goto cleanup;
870
886
    if ((st=ldap_modify_ext_s(ld, SECURITY_CONTAINER, mods, NULL, NULL)) != LDAP_SUCCESS) {
871
887
        int ost = st;
872
888
        st = translate_ldap_error (st, OP_MOD);
873
 
        krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
 
889
        krb5_set_error_message(context, st,
 
890
                               _("Security Container update FAILED: %s"),
 
891
                               ldap_err2string(ost));
874
892
        /* delete Kerberos Container, status ignored intentionally */
875
893
        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
876
894
        goto cleanup;
916
934
        kerberoscontdn = KERBEROS_CONTAINER;
917
935
#else
918
936
        st = EINVAL;
919
 
        krb5_set_error_message (context, st, "Kerberos Container information is missing");
 
937
        krb5_set_error_message(context, st,
 
938
                               _("Kerberos Container information is missing"));
920
939
        goto cleanup;
921
940
#endif
922
941
    }
925
944
    if ((st = ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL)) != LDAP_SUCCESS) {
926
945
        int ost = st;
927
946
        st = translate_ldap_error (st, OP_ADD);
928
 
        krb5_set_error_message (context, st, "Kerberos Container delete FAILED: %s", ldap_err2string(ost));
 
947
        krb5_set_error_message(context, st,
 
948
                               _("Kerberos Container delete FAILED: %s"),
 
949
                               ldap_err2string(ost));
929
950
        goto cleanup;
930
951
    }
931
952
 
1016
1037
                if (strlen(rparams->subtree[i]) != 0) {
1017
1038
                    st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
1018
1039
                                             &objectmask);
1019
 
                    CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
 
1040
                    CHECK_CLASS_VALIDITY(st, objectmask,
 
1041
                                         _("realm object value: "));
1020
1042
                }
1021
1043
            }
1022
1044
            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
1082
1104
        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
1083
1105
            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
1084
1106
                                     &objectmask);
1085
 
            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
 
1107
            CHECK_CLASS_VALIDITY(st, objectmask,
 
1108
                                 _("kdc service object value: "));
1086
1109
 
1087
1110
        }
1088
1111
 
1097
1120
        for (i=0; rparams->adminservers[i] != NULL; ++i) {
1098
1121
            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
1099
1122
                                     &objectmask);
1100
 
            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
 
1123
            CHECK_CLASS_VALIDITY(st, objectmask,
 
1124
                                 _("admin service object value: "));
1101
1125
 
1102
1126
        }
1103
1127
 
1132
1156
    if (mask & LDAP_REALM_KDCSERVERS)
1133
1157
        for (i=0; rparams->kdcservers[i]; ++i)
1134
1158
            if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
1135
 
                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
 
1159
                snprintf(errbuf, sizeof(errbuf),
 
1160
                         _("Error adding 'krbRealmReferences' to %s: "),
1136
1161
                         rparams->kdcservers[i]);
1137
1162
                prepend_err_str (context, errbuf, st, st);
1138
1163
                /* delete Realm, status ignored intentionally */
1143
1168
    if (mask & LDAP_REALM_ADMINSERVERS)
1144
1169
        for (i=0; rparams->adminservers[i]; ++i)
1145
1170
            if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
1146
 
                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
 
1171
                snprintf(errbuf, sizeof(errbuf),
 
1172
                         _("Error adding 'krbRealmReferences' to %s: "),
1147
1173
                         rparams->adminservers[i]);
1148
1174
                prepend_err_str (context, errbuf, st, st);
1149
1175
                /* delete Realm, status ignored intentionally */
1154
1180
    if (mask & LDAP_REALM_PASSWDSERVERS)
1155
1181
        for (i=0; rparams->passwdservers[i]; ++i)
1156
1182
            if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
1157
 
                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
 
1183
                snprintf(errbuf, sizeof(errbuf),
 
1184
                         _("Error adding 'krbRealmReferences' to %s: "),
1158
1185
                         rparams->passwdservers[i]);
1159
1186
                prepend_err_str (context, errbuf, st, st);
1160
1187
                /* delete Realm, status ignored intentionally */
1364
1391
        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
1365
1392
            int ost = st;
1366
1393
            st = translate_ldap_error (st, OP_SEARCH);
1367
 
            krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
 
1394
            krb5_set_error_message(context, st,
 
1395
                                   _("Policy object read failed: %s"),
 
1396
                                   ldap_err2string(ost));
1368
1397
            goto cleanup;
1369
1398
        }
1370
1399
        ent = ldap_first_entry (ld, result);