Diffstat (limited to 'source4/kdc')
-rw-r--r--source4/kdc/hdb-ldb.c62
1 files changed, 35 insertions, 27 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 0aa18423a0..78084f2e89 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -447,7 +447,7 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
TALLOC_CTX *mem_ctx,
krb5_const_principal principal,
enum hdb_ldb_ent_type ent_type,
- const char *realm_dn,
+ const struct ldb_dn *realm_dn,
struct ldb_message ***pmsg)
{
krb5_error_code ret;
@@ -460,6 +460,8 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
char *princ_str_talloc;
char *short_princ;
+ char *realm_dn_str;
+
struct ldb_message **msg = NULL;
/* Structure assignment, so we don't mess with the source parameter */
@@ -520,18 +522,20 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
count = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter,
princ_attrs, &msg);
+ realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn);
+
if (count < 1) {
krb5_warnx(context, "ldb_search: basedn: '%s' filter: '%s' failed: %d",
- realm_dn, filter, count);
+ realm_dn_str, filter, count);
krb5_set_error_string(context, "ldb_search: basedn: '%s' filter: '%s' failed: %d",
- realm_dn, filter, count);
+ realm_dn_str, filter, count);
return HDB_ERR_NOENTRY;
} else if (count > 1) {
talloc_free(msg);
krb5_warnx(context, "ldb_search: basedn: '%s' filter: '%s' more than 1 entry: %d",
- realm_dn, filter, count);
+ realm_dn_str, filter, count);
krb5_set_error_string(context, "ldb_search: basedn: '%s' filter: '%s' more than 1 entry: %d",
- realm_dn, filter, count);
+ realm_dn_str, filter, count);
return HDB_ERR_NOENTRY;
}
*pmsg = talloc_steal(mem_ctx, msg);
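Review bot: The result of `ldb_dn_linearize(mem_ctx, realm_dn)` is never checked before it is passed to the `%s` conversions in `krb5_warnx` and `krb5_set_error_string`, and passing a null pointer to `%s` is undefined behaviour in C. The string is also built on every call even though only the two error branches use it, so the successful lookup path pays for an allocation that lives until `mem_ctx` is freed. I would move the call inside the `count < 1` / `count > 1` branches and log a fallback, for example `realm_dn_str ? realm_dn_str : "(unprintable DN)"`. The same unchecked pattern appears for `service_dn_str` in the LDB_lookup_spn_alias hunk. The function body starts and continues outside this hunk.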
@@ -544,7 +548,8 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context
struct ldb_message ***pmsg)
{
int count;
- const char *realm_dn;
+ struct ldb_dn *realm_dn;
+ const char *realm_dn_str;
char *cross_ref_filter;
struct ldb_message **cross_ref_msg;
struct ldb_message **msg;
@@ -585,7 +590,8 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context
return HDB_ERR_NOENTRY;
}
- realm_dn = ldb_msg_find_string(cross_ref_msg[0], "nCName", NULL);
+ realm_dn_str = ldb_msg_find_string(cross_ref_msg[0], "nCName", NULL);
+ realm_dn = ldb_dn_explode(mem_ctx, realm_dn_str);
count = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_BASE, "(objectClass=domain)",
realm_attrs, &msg);
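Review bot: Neither `realm_dn_str` nor the DN parsed from it is validated before `ldb_search` is called. `ldb_msg_find_string` is given `NULL` as its default, so a crossRef entry without `nCName` yields a null string, and `ldb_dn_explode` can presumably also fail on a malformed value or on allocation failure. What `ldb_search` does with a null base DN is not visible here. In a KDC backend the realm lookup should fail closed rather than depend on that, e.g. `if (!realm_dn_str || !(realm_dn = ldb_dn_explode(mem_ctx, realm_dn_str))) return HDB_ERR_NOENTRY;` with a matching `krb5_set_error_string`. The same applies to `service_dn` from `ldb_dn_compose_string_dn` in LDB_lookup_spn_alias, which is used unchecked by a search outside that hunk. The function body extends beyond this hunk, so any cleanup of `cross_ref_msg` on the new early return needs to be confirmed against the full function.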
@@ -596,12 +602,12 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context
}
if (count < 1) {
- krb5_warnx(context, "ldb_search: dn: %s not found: %d", realm_dn, count);
- krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", realm_dn, count);
+ krb5_warnx(context, "ldb_search: dn: %s not found: %d", realm_dn_str, count);
+ krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", realm_dn_str, count);
return HDB_ERR_NOENTRY;
} else if (count > 1) {
- krb5_warnx(context, "ldb_search: dn: '%s' more than 1 entry: %d", realm_dn, count);
- krb5_set_error_string(context, "ldb_search: dn: %s more than 1 entry: %d", realm_dn, count);
+ krb5_warnx(context, "ldb_search: dn: '%s' more than 1 entry: %d", realm_dn_str, count);
+ krb5_set_error_string(context, "ldb_search: dn: %s more than 1 entry: %d", realm_dn_str, count);
return HDB_ERR_NOENTRY;
}
@@ -610,7 +616,7 @@ static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context
static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_context *ldb_ctx,
TALLOC_CTX *mem_ctx,
- const char *realm_dn,
+ const struct ldb_dn *realm_dn,
const char *alias_from,
char **alias_to)
{
@@ -618,9 +624,11 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con
int count;
struct ldb_message **msg;
struct ldb_message_element *spnmappings;
- char *service_dn = talloc_asprintf(mem_ctx,
- "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,%s",
- realm_dn);
+ struct ldb_dn *service_dn = ldb_dn_compose_string_dn(mem_ctx,
+ "CN=Directory Service,CN=Windows NT"
+ ",CN=Services,CN=Configuration",
+ realm_dn);
+ char *service_dn_str = ldb_dn_linearize(mem_ctx, service_dn);
const char *directory_attrs[] = {
"sPNMappings",
NULL
@@ -631,19 +639,19 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con
talloc_steal(mem_ctx, msg);
if (count < 1) {
- krb5_warnx(context, "ldb_search: dn: %s not found: %d", service_dn, count);
- krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", service_dn, count);
+ krb5_warnx(context, "ldb_search: dn: %s not found: %d", service_dn_str, count);
+ krb5_set_error_string(context, "ldb_search: dn: %s not found: %d", service_dn_str, count);
return HDB_ERR_NOENTRY;
} else if (count > 1) {
- krb5_warnx(context, "ldb_search: dn: %s found %d times!", service_dn, count);
- krb5_set_error_string(context, "ldb_search: dn: %s found %d times!", service_dn, count);
+ krb5_warnx(context, "ldb_search: dn: %s found %d times!", service_dn_str, count);
+ krb5_set_error_string(context, "ldb_search: dn: %s found %d times!", service_dn_str, count);
return HDB_ERR_NOENTRY;
}
spnmappings = ldb_msg_find_element(msg[0], "sPNMappings");
if (!spnmappings || spnmappings->num_values == 0) {
- krb5_warnx(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn);
- krb5_set_error_string(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn);
+ krb5_warnx(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn_str);
+ krb5_set_error_string(context, "ldb_search: dn: %s no sPNMappings attribute", service_dn_str);
return HDB_ERR_NOENTRY;
}
@@ -652,8 +660,8 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con
mapping = talloc_strdup(mem_ctx,
(const char *)spnmappings->values[i].data);
if (!mapping) {
- krb5_warnx(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn);
- krb5_set_error_string(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn);
+ krb5_warnx(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn_str);
+ krb5_set_error_string(context, "LDB_lookup_spn_alias: ldb_search: dn: %s did not have an sPNMapping", service_dn_str);
return HDB_ERR_NOENTRY;
}
@@ -662,9 +670,9 @@ static krb5_error_code LDB_lookup_spn_alias(krb5_context context, struct ldb_con
p = strchr(mapping, '=');
if (!p) {
krb5_warnx(context, "ldb_search: dn: %s sPNMapping malformed: %s",
- service_dn, mapping);
+ service_dn_str, mapping);
krb5_set_error_string(context, "ldb_search: dn: %s sPNMapping malformed: %s",
- service_dn, mapping);
+ service_dn_str, mapping);
return HDB_ERR_NOENTRY;
}
p[0] = '\0';
@@ -729,7 +737,7 @@ static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
krb5_error_code ret;
const char *realm;
- const char *realm_dn;
+ const struct ldb_dn *realm_dn;
TALLOC_CTX *mem_ctx = talloc_named(NULL, 0, "LDB_fetch context");
if (!mem_ctx) {
@@ -927,7 +935,7 @@ static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flag
struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db;
struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_openp;
char *realm;
- char *realm_dn = NULL;
+ struct ldb_dn *realm_dn = NULL;
struct ldb_message **msgs = NULL;
struct ldb_message **realm_msgs = NULL;
krb5_error_code ret;