
openldap  2.4.31
smbk5pwd.c File Reference
#include <portable.h>
#include <slap.h>
#include <ac/errno.h>
#include <ac/string.h>
#include "config.h"


Classes

struct  smbk5pwd_t

Defines

#define SLAPD_OVER_SMBK5PWD   SLAPD_MOD_DYNAMIC
#define SMBK5PWD_F_KRB5   (0x1U)
#define SMBK5PWD_F_SAMBA   (0x2U)
#define SMBK5PWD_F_SHADOW   (0x4U)
#define SMBK5PWD_DO_KRB5(pi)   ((pi)->mode & SMBK5PWD_F_KRB5)
#define SMBK5PWD_DO_SAMBA(pi)   ((pi)->mode & SMBK5PWD_F_SAMBA)
#define SMBK5PWD_DO_SHADOW(pi)   ((pi)->mode & SMBK5PWD_F_SHADOW)

Typedefs

typedef struct smbk5pwd_t smbk5pwd_t

Enumerations

enum  { PC_SMB_MUST_CHANGE = 1, PC_SMB_CAN_CHANGE, PC_SMB_ENABLE }

Functions

static int smbk5pwd_modules_init (smbk5pwd_t *pi)
static int smbk5pwd_exop_passwd (Operation *op, SlapReply *rs)
static int smbk5pwd_cf_func (ConfigArgs *c)
static int smbk5pwd_db_init (BackendDB *be, ConfigReply *cr)
static int smbk5pwd_db_open (BackendDB *be, ConfigReply *cr)
static int smbk5pwd_db_destroy (BackendDB *be, ConfigReply *cr)
int smbk5pwd_initialize (void)
int init_module (int argc, char *argv[])

Variables

static const unsigned SMBK5PWD_F_ALL
static slap_overinst smbk5pwd
static ConfigDriver smbk5pwd_cf_func
static ConfigTable smbk5pwd_cfats []
static ConfigOCs smbk5pwd_cfocs []
static slap_verbmasks smbk5pwd_modules []

Class Documentation

struct smbk5pwd_t

Definition at line 91 of file smbk5pwd.c.

Class Members
unsigned mode

Define Documentation

#define SLAPD_OVER_SMBK5PWD   SLAPD_MOD_DYNAMIC

Definition at line 26 of file smbk5pwd.c.

#define SMBK5PWD_DO_KRB5 (   pi)    ((pi)->mode & SMBK5PWD_F_KRB5)

Definition at line 97 of file smbk5pwd.c.

#define SMBK5PWD_DO_SAMBA (   pi)    ((pi)->mode & SMBK5PWD_F_SAMBA)

Definition at line 98 of file smbk5pwd.c.

#define SMBK5PWD_DO_SHADOW (   pi)    ((pi)->mode & SMBK5PWD_F_SHADOW)

Definition at line 99 of file smbk5pwd.c.

#define SMBK5PWD_F_KRB5   (0x1U)

Definition at line 93 of file smbk5pwd.c.

#define SMBK5PWD_F_SAMBA   (0x2U)

Definition at line 94 of file smbk5pwd.c.

#define SMBK5PWD_F_SHADOW   (0x4U)

Definition at line 95 of file smbk5pwd.c.


Typedef Documentation

typedef struct smbk5pwd_t smbk5pwd_t

Enumeration Type Documentation

anonymous enum
Enumerator:
PC_SMB_MUST_CHANGE 
PC_SMB_CAN_CHANGE 
PC_SMB_ENABLE 

Definition at line 709 of file smbk5pwd.c.


Function Documentation

int init_module ( int  argc,
char *  argv[] 
)

Definition at line 1181 of file smbk5pwd.c.

                                        {
       /* argc and argv are not consulted; the call is handed off to
        * smbk5pwd_initialize() and its result is returned unchanged. */
       int status = smbk5pwd_initialize();

       return status;
}


static int smbk5pwd_cf_func ( ConfigArgs *  c ) [static]

Definition at line 767 of file smbk5pwd.c.

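{
       /* Configuration handler shared by the three smbk5pwd-* directives.
        *
        * c->op selects the action: SLAP_CONFIG_EMIT reports the current
        * setting, LDAP_MOD_DELETE removes it, and any other value applies
        * what was parsed into c.  c->type carries one of the PC_SMB_*
        * codes.  Returns 0 on success and non-zero when the request is
        * rejected; a rejected "enable" leaves pi->mode as it was. */
       slap_overinst *on = (slap_overinst *)c->bi;

       int           rc = 0;
       smbk5pwd_t    *pi = on->on_bi.bi_private;

       if ( c->op == SLAP_CONFIG_EMIT ) {
              switch( c->type ) {
              case PC_SMB_MUST_CHANGE:
#ifdef DO_SAMBA
                     c->value_int = pi->smb_must_change;
#else /* ! DO_SAMBA */
                     c->value_int = 0;
#endif /* ! DO_SAMBA */
                     break;

              case PC_SMB_CAN_CHANGE:
#ifdef DO_SAMBA
                     c->value_int = pi->smb_can_change;
#else /* ! DO_SAMBA */
                     c->value_int = 0;
#endif /* ! DO_SAMBA */
                     break;

              case PC_SMB_ENABLE:
                     /* report the enabled modules as verbs; an empty
                      * mask emits nothing */
                     c->rvalue_vals = NULL;
                     if ( pi->mode ) {
                            mask_to_verbs( smbk5pwd_modules, pi->mode, &c->rvalue_vals );
                            if ( c->rvalue_vals == NULL ) {
                                   rc = 1;
                            }
                     }
                     break;

              default:
                     assert( 0 );
                     rc = 1;
              }
              return rc;

       } else if ( c->op == LDAP_MOD_DELETE ) {
              switch( c->type ) {
              case PC_SMB_MUST_CHANGE:
                     break;

              case PC_SMB_CAN_CHANGE:
                     break;

              case PC_SMB_ENABLE:
                     if ( !c->line ) {
                            /* no specific value given: disable everything */
                            pi->mode = 0;

                     } else {
                            int i;

                            /* NOTE(review): if verb_to_mask() can return the
                             * index of the table's terminating entry for an
                             * unknown verb, that entry's all-ones mask would
                             * clear every module bit here -- confirm that
                             * c->line is always a known verb on this path. */
                            i = verb_to_mask( c->line, smbk5pwd_modules );
                            pi->mode &= ~smbk5pwd_modules[i].mask;
                     }
                     break;

              default:
                     assert( 0 );
                     rc = 1;
              }
              return rc;
       }

       switch( c->type ) {
       case PC_SMB_MUST_CHANGE:
#ifdef DO_SAMBA
              if ( c->value_int < 0 ) {
                     /* log the rejected value itself; the "%d" used to be
                      * fed a constant 0 and the line lacked its newline */
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> invalid negative value \"%d\".\n",
                            c->log, c->argv[ 0 ], c->value_int );
                     return 1;
              }
              pi->smb_must_change = c->value_int;
#else /* ! DO_SAMBA */
              Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                     "<%s> only meaningful "
                     "when compiled with -DDO_SAMBA.\n",
                     c->log, c->argv[ 0 ], 0 );
              return 1;
#endif /* ! DO_SAMBA */
              break;

       case PC_SMB_CAN_CHANGE:
#ifdef DO_SAMBA
              if ( c->value_int < 0 ) {
                     /* same logging fix as for smbk5pwd-must-change */
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> invalid negative value \"%d\".\n",
                            c->log, c->argv[ 0 ], c->value_int );
                     return 1;
              }
              pi->smb_can_change = c->value_int;
#else /* ! DO_SAMBA */
              Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                     "<%s> only meaningful "
                     "when compiled with -DDO_SAMBA.\n",
                     c->log, c->argv[ 0 ], 0 );
              return 1;
#endif /* ! DO_SAMBA */
              break;

       case PC_SMB_ENABLE: {
              /* mode keeps the previous mask so every failure path below
               * can roll back */
              slap_mask_t   mode = pi->mode, m = 0;

              rc = verbs_to_mask( c->argc, c->argv, smbk5pwd_modules, &m );
              if ( rc > 0 ) {
                     /* rc indexes the argument that was not recognised */
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> unknown module \"%s\".\n",
                            c->log, c->argv[ 0 ], c->argv[ rc ] );
                     return 1;
              }

              /* we can hijack the smbk5pwd_t structure because
               * from within the configuration, this is the only
               * active thread. */
              pi->mode |= m;

              /* A module that was not compiled in cannot be enabled.  rc
               * is no longer an index into argv once the rc > 0 case has
               * returned, so the messages below name the module
               * literally instead of printing c->argv[ rc ]. */
#ifndef DO_KRB5
              if ( SMBK5PWD_DO_KRB5( pi ) ) {
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> module \"%s\" only allowed when compiled with -DDO_KRB5.\n",
                            c->log, c->argv[ 0 ], "krb5" );
                     pi->mode = mode;
                     return 1;
              }
#endif /* ! DO_KRB5 */

#ifndef DO_SAMBA
              if ( SMBK5PWD_DO_SAMBA( pi ) ) {
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> module \"%s\" only allowed when compiled with -DDO_SAMBA.\n",
                            c->log, c->argv[ 0 ], "samba" );
                     pi->mode = mode;
                     return 1;
              }
#endif /* ! DO_SAMBA */

#ifndef DO_SHADOW
              if ( SMBK5PWD_DO_SHADOW( pi ) ) {
                     Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
                            "<%s> module \"%s\" only allowed when compiled with -DDO_SHADOW.\n",
                            c->log, c->argv[ 0 ], "shadow" );
                     pi->mode = mode;
                     return 1;
              }
#endif /* ! DO_SHADOW */

              {
                     /* this local copy is filled in but not passed to
                      * anything in this block */
                     BackendDB     db = *c->be;

                     /* Re-initialize the module, because
                      * the configuration might have changed */
                     db.bd_info = (BackendInfo *)on;
                     rc = smbk5pwd_modules_init( pi );
                     if ( rc ) {
                            pi->mode = mode;
                            return 1;
                     }
              }

              } break;

       default:
              assert( 0 );
              return 1;
       }
       return rc;
}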


static int smbk5pwd_db_destroy ( BackendDB *  be,
ConfigReply *  cr 
) [static]

Definition at line 1139 of file smbk5pwd.c.

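{
       /* Releases the per-database smbk5pwd_t hung off the overlay
        * instance.  cr is not used.  Always returns 0. */
       slap_overinst *on = (slap_overinst *)be->bd_info;
       smbk5pwd_t    *pi = (smbk5pwd_t *)on->on_bi.bi_private;

       if ( pi ) {
              ch_free( pi );
              /* clear the slot so nothing reads or frees the stale
               * pointer after this point */
              on->on_bi.bi_private = NULL;
       }

       return 0;
}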


static int smbk5pwd_db_init ( BackendDB *  be,
ConfigReply *  cr 
) [static]

Definition at line 1104 of file smbk5pwd.c.

{
       /* Allocates a zero-filled smbk5pwd_t and attaches it to the
        * overlay instance as its private data.  cr is not used.
        * Returns 0 on success, 1 if the allocation yields NULL. */
       slap_overinst *overlay = (slap_overinst *)be->bd_info;
       smbk5pwd_t    *state = ch_calloc( 1, sizeof( smbk5pwd_t ) );

       if ( state != NULL ) {
              /* zero-filled, so mode starts out as 0 (no module selected) */
              overlay->on_bi.bi_private = (void *)state;
              return 0;
       }

       return 1;
}


static int smbk5pwd_db_open ( BackendDB *  be,
ConfigReply *  cr 
) [static]

Definition at line 1119 of file smbk5pwd.c.

{
       /* Picks the default module set when none was configured, then
        * initializes the selected modules.  cr is not used.  Returns 0
        * on success, otherwise the error from smbk5pwd_modules_init(). */
       slap_overinst *overlay = (slap_overinst *)be->bd_info;
       smbk5pwd_t    *state = (smbk5pwd_t *)overlay->on_bi.bi_private;

       /* An empty mask falls back to SMBK5PWD_F_ALL rather than to
        * "nothing enabled".
        * NOTE(review): the composition of SMBK5PWD_F_ALL is not visible
        * in this listing -- presumably every compiled-in module; confirm,
        * since that would make an unconfigured overlay write all of the
        * derived credential attributes. */
       if ( !state->mode ) {
              state->mode = SMBK5PWD_F_ALL;
       }

       return smbk5pwd_modules_init( state );
}


static int smbk5pwd_exop_passwd ( Operation *  op,
SlapReply *  rs 
) [static]

Definition at line 409 of file smbk5pwd.c.

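{
       /* Password Modify extended-operation hook.
        *
        * For the entry named by op->o_req_ndn, derives additional
        * credential attributes from the new cleartext password in
        * qpw->rs_new and pushes them onto the front of qpw->rs_mods.
        * Which attributes are produced depends on the enabled modules
        * (pi->mode) and on the entry's object classes.  rs is not used.
        *
        * Returns SLAP_CB_CONTINUE both when the request is some other
        * extended operation and after the modifications were queued;
        * returns the be_entry_get_rw() error if the entry cannot be
        * fetched. */
       int rc;
       req_pwdexop_s *qpw = &op->oq_pwdexop;
       Entry *e;
       Modifications *ml;
       slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
       smbk5pwd_t *pi = on->on_bi.bi_private;
       char term;

       /* Not the operation we expected, pass it on... */
       if ( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) ) {
              return SLAP_CB_CONTINUE;
       }

       /* NOTE(review): bd_info is switched here and not switched back
        * anywhere in this function, including the early return below --
        * presumably the caller restores it; confirm. */
       op->o_bd->bd_info = (BackendInfo *)on->on_info;
       rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
       if ( rc != LDAP_SUCCESS ) return rc;

       /* NUL-terminate the new password in place for the C-string APIs
        * below; the overwritten byte is put back before returning.
        * NOTE(review): assumes the buffer holds at least bv_len + 1
        * bytes -- confirm. */
       term = qpw->rs_new.bv_val[qpw->rs_new.bv_len];
       qpw->rs_new.bv_val[qpw->rs_new.bv_len] = '\0';

#ifdef DO_KRB5
       /* Kerberos stuff */
       do {
              krb5_error_code ret;
              hdb_entry ent;
              struct berval *keys;
              size_t nkeys = 0;
              int kvno, i;
              Attribute *a;

              if ( !SMBK5PWD_DO_KRB5( pi ) ) break;

              if ( !is_entry_objectclass(e, oc_krb5KDCEntry, 0 ) ) break;

              a = attr_find( e->e_attrs, ad_krb5PrincipalName );
              if ( !a ) break;

              memset( &ent, 0, sizeof(ent) );
              ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
              if ( ret ) break;

              a = attr_find( e->e_attrs, ad_krb5KeyVersionNumber );
              kvno = 0;
              if ( a ) {
                     if ( lutil_atoi( &kvno, a->a_vals[0].bv_val ) != 0 ) {
                            Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
                                   "dn=\"%s\" unable to parse krb5KeyVersionNumber=\"%s\"\n",
                                   op->o_log_prefix, e->e_name.bv_val, a->a_vals[0].bv_val );
                     }

              } else {
                     /* shouldn't happen, this is a required attr */
                     Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
                            "dn=\"%s\" missing krb5KeyVersionNumber\n",
                            op->o_log_prefix, e->e_name.bv_val, 0 );
              }

              ret = hdb_generate_key_set_password(context, ent.principal,
                     qpw->rs_new.bv_val, &ent.keys.val, &nkeys);
              if ( ret ) {
                     /* Without this check a failed key generation went
                      * on to use nkeys and ent.keys.val, which nothing
                      * here had set.  Skip the Kerberos attributes
                      * instead; the other modules still run. */
                     Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
                            "dn=\"%s\" unable to generate krb5 keys (%d)\n",
                            op->o_log_prefix, e->e_name.bv_val, ret );
                     krb5_free_principal( context, ent.principal );
                     break;
              }
              ent.keys.len = nkeys;
              /* NOTE(review): the result of hdb_seal_keys() is not
               * checked -- confirm that a sealing failure cannot lead to
               * unsealed keys being stored. */
              hdb_seal_keys(context, db, &ent);
              krb5_free_principal( context, ent.principal );

              /* one berval per key plus the terminating null berval */
              keys = ch_malloc( (ent.keys.len + 1) * sizeof(struct berval));

              for (i = 0; i < ent.keys.len; i++) {
                     unsigned char *buf;
                     size_t len;

                     ASN1_MALLOC_ENCODE(Key, buf, len, &ent.keys.val[i], &len, ret);
                     if (ret != 0)
                            break;

                     keys[i].bv_val = (char *)buf;
                     keys[i].bv_len = len;
              }
              BER_BVZERO( &keys[i] );

              hdb_free_keys(context, ent.keys.len, ent.keys.val);

              /* an encoding failure part-way through drops the whole set */
              if ( i != ent.keys.len ) {
                     ber_bvarray_free( keys );
                     break;
              }

              ml = ch_malloc(sizeof(Modifications));
              if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              ml->sml_desc = ad_krb5Key;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = i;
              ml->sml_values = keys;
              ml->sml_nvalues = NULL;

              ml = ch_malloc(sizeof(Modifications));
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              /* bump the key version number alongside the new keys */
              ml->sml_desc = ad_krb5KeyVersionNumber;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = 1;
              ml->sml_values = ch_malloc( 2 * sizeof(struct berval));
              ml->sml_values[0].bv_val = ch_malloc( 64 );
              ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
                     "%d", kvno+1 );
              BER_BVZERO( &ml->sml_values[1] );
              ml->sml_nvalues = NULL;
       } while ( 0 );
#endif /* DO_KRB5 */

#ifdef DO_SAMBA
       /* Samba stuff */
       if ( SMBK5PWD_DO_SAMBA( pi ) && is_entry_objectclass(e, oc_sambaSamAccount, 0 ) ) {
              struct berval *keys;
              ber_len_t j,l;
              wchar_t *wcs, wc;
              char *c, *d;
              struct berval pwd;

              /* Expand incoming UTF8 string to UCS4 */
              l = ldap_utf8_chars(qpw->rs_new.bv_val);
              wcs = ch_malloc((l+1) * sizeof(wchar_t));

              /* NOTE(review): the conversion result is not checked; if
               * it can fail on malformed UTF-8, wcs would be hashed with
               * whatever it happens to contain -- confirm that rs_new is
               * validated before it reaches this point. */
              ldap_x_utf8s_to_wcs( wcs, qpw->rs_new.bv_val, l );

              /* Truncate UCS4 to UCS2 */
              /* done in place, low byte first; bits above the low 16 of
               * each character are discarded */
              c = (char *)wcs;
              for (j=0; j<l; j++) {
                     wc = wcs[j];
                     *c++ = wc & 0xff;
                     *c++ = (wc >> 8) & 0xff;
              }
              *c++ = 0;
              pwd.bv_val = (char *)wcs;
              pwd.bv_len = l * 2;

              ml = ch_malloc(sizeof(Modifications));
              if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              keys = ch_malloc( 2 * sizeof(struct berval) );
              BER_BVZERO( &keys[1] );
              nthash( &pwd, keys );

              ml->sml_desc = ad_sambaNTPassword;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = 1;
              ml->sml_values = keys;
              ml->sml_nvalues = NULL;

              /* Truncate UCS2 to 8-bit ASCII */
              /* keeps only the low byte of every character, again in place */
              c = pwd.bv_val+1;
              d = pwd.bv_val+2;
              for (j=1; j<l; j++) {
                     *c++ = *d++;
                     d++;
              }
              pwd.bv_len /= 2;
              pwd.bv_val[pwd.bv_len] = '\0';

              ml = ch_malloc(sizeof(Modifications));
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              /* NOTE(review): an LM hash is stored on every password
               * change for sambaSamAccount entries.  LM hashes are weak
               * by design, so deployments should confirm the attribute is
               * still required and restrict read access to it. */
              keys = ch_malloc( 2 * sizeof(struct berval) );
              BER_BVZERO( &keys[1] );
              lmhash( &pwd, keys );

              ml->sml_desc = ad_sambaLMPassword;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = 1;
              ml->sml_values = keys;
              ml->sml_nvalues = NULL;

              /* wcs still holds password material (the 8-bit form plus
               * leftover UCS2 bytes); wipe it before the memory goes
               * back to the allocator */
              memset( wcs, 0, (l+1) * sizeof(wchar_t) );
              ch_free(wcs);

              ml = ch_malloc(sizeof(Modifications));
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              /* timestamp of this change */
              keys = ch_malloc( 2 * sizeof(struct berval) );
              keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
              keys[0].bv_len = snprintf(keys[0].bv_val,
                     LDAP_PVT_INTTYPE_CHARS(long),
                     "%ld", slap_get_time());
              BER_BVZERO( &keys[1] );

              ml->sml_desc = ad_sambaPwdLastSet;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = 1;
              ml->sml_values = keys;
              ml->sml_nvalues = NULL;

              /* only written when smbk5pwd-must-change is non-zero:
               * current time plus the configured interval */
              if (pi->smb_must_change)
              {
                     ml = ch_malloc(sizeof(Modifications));
                     ml->sml_next = qpw->rs_mods;
                     qpw->rs_mods = ml;

                     keys = ch_malloc( 2 * sizeof(struct berval) );
                     keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
                     keys[0].bv_len = snprintf(keys[0].bv_val,
                                   LDAP_PVT_INTTYPE_CHARS(long),
                                   "%ld", slap_get_time() + pi->smb_must_change);
                     BER_BVZERO( &keys[1] );

                     ml->sml_desc = ad_sambaPwdMustChange;
                     ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
                     ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
                     ml->sml_numvals = 1;
                     ml->sml_values = keys;
                     ml->sml_nvalues = NULL;
              }

              /* likewise for smbk5pwd-can-change */
              if (pi->smb_can_change)
              {
                     ml = ch_malloc(sizeof(Modifications));
                     ml->sml_next = qpw->rs_mods;
                     qpw->rs_mods = ml;

                     keys = ch_malloc( 2 * sizeof(struct berval) );
                     keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
                     keys[0].bv_len = snprintf(keys[0].bv_val,
                                   LDAP_PVT_INTTYPE_CHARS(long),
                                   "%ld", slap_get_time() + pi->smb_can_change);
                     BER_BVZERO( &keys[1] );

                     ml->sml_desc = ad_sambaPwdCanChange;
                     ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
                     ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
                     ml->sml_numvals = 1;
                     ml->sml_values = keys;
                     ml->sml_nvalues = NULL;
              }
       }
#endif /* DO_SAMBA */

#ifdef DO_SHADOW
       /* shadow stuff */
       if ( SMBK5PWD_DO_SHADOW( pi ) && is_entry_objectclass(e, oc_shadowAccount, 0 ) ) {
              struct berval *keys;

              ml = ch_malloc(sizeof(Modifications));
              if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
              ml->sml_next = qpw->rs_mods;
              qpw->rs_mods = ml;

              /* shadowLastChange is the current time divided down to days */
              keys = ch_malloc( sizeof(struct berval) * 2);
              BER_BVZERO( &keys[1] );
              keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
              keys[0].bv_len = snprintf(keys[0].bv_val,
                     LDAP_PVT_INTTYPE_CHARS(long),
                     "%ld", (long)(slap_get_time() / (60 * 60 * 24)));

              ml->sml_desc = ad_shadowLastChange;
              ml->sml_op = LDAP_MOD_REPLACE;
#ifdef SLAP_MOD_INTERNAL
              ml->sml_flags = SLAP_MOD_INTERNAL;
#endif
              ml->sml_numvals = 1;
              ml->sml_values = keys;
              ml->sml_nvalues = NULL;
       }
#endif /* DO_SHADOW */

       be_entry_release_r( op, e );
       /* put back the byte that was replaced by the terminator */
       qpw->rs_new.bv_val[qpw->rs_new.bv_len] = term;

       return SLAP_CB_CONTINUE;
}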


int smbk5pwd_initialize ( void )

Definition at line 1152 of file smbk5pwd.c.


static int smbk5pwd_modules_init ( smbk5pwd_t *  pi ) [static]

Definition at line 941 of file smbk5pwd.c.

{
       /* Resolves the schema elements (and, for Kerberos, the library
        * contexts) needed by each module enabled in pi->mode.  A module
        * is set up only while its oc_* pointer is still NULL, and that
        * pointer is reset to NULL on failure, so a later call tries
        * again.  Returns 0 on success, -1 or an LDAP result code on
        * failure. */

       /* One struct type, up to three name -> descriptor tables declared
        * in a single declarator list; dummy_ad ends the list whichever
        * modules are compiled in. */
       static struct {
              const char           *name;
              AttributeDescription **adp;
       }
#ifdef DO_KRB5
       krb5_ad[] = {
              { "krb5Key",                &ad_krb5Key },
              { "krb5KeyVersionNumber",   &ad_krb5KeyVersionNumber },
              { "krb5PrincipalName",             &ad_krb5PrincipalName },
              { "krb5ValidEnd",           &ad_krb5ValidEnd },
              { NULL }
       },
#endif /* DO_KRB5 */
#ifdef DO_SAMBA
       samba_ad[] = {
              { "sambaLMPassword",        &ad_sambaLMPassword },
              { "sambaNTPassword",        &ad_sambaNTPassword },
              { "sambaPwdLastSet",        &ad_sambaPwdLastSet },
              { "sambaPwdMustChange",            &ad_sambaPwdMustChange },
              { "sambaPwdCanChange",             &ad_sambaPwdCanChange },
              { NULL }
       },
#endif /* DO_SAMBA */
#ifdef DO_SHADOW
       shadow_ad[] = {
              { "shadowLastChange",              &ad_shadowLastChange },
              { NULL }
       },
#endif /* DO_SHADOW */
       dummy_ad;

       /* this is to silence the unused var warning */
       dummy_ad.name = NULL;

#ifdef DO_KRB5
       if ( SMBK5PWD_DO_KRB5( pi ) && oc_krb5KDCEntry == NULL ) {
              krb5_error_code      ret;
              extern HDB    *_kadm5_s_get_db(void *);

              int           i, rc;

              /* Make sure all of our necessary schema items are loaded */
              oc_krb5KDCEntry = oc_find( "krb5KDCEntry" );
              if ( !oc_krb5KDCEntry ) {
                     Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                            "unable to find \"krb5KDCEntry\" objectClass.\n",
                            0, 0, 0 );
                     return -1;
              }

              /* look up each attribute type by name; stop at the first
               * one the schema does not know */
              for ( i = 0; krb5_ad[ i ].name != NULL; i++ ) {
                     const char    *text;

                     *(krb5_ad[ i ].adp) = NULL;

                     rc = slap_str2ad( krb5_ad[ i ].name, krb5_ad[ i ].adp, &text );
                     if ( rc != LDAP_SUCCESS ) {
                            Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                                   "unable to find \"%s\" attributeType: %s (%d).\n",
                                   krb5_ad[ i ].name, text, rc );
                            oc_krb5KDCEntry = NULL;
                            return rc;
                     }
              }

              /* Initialize Kerberos context */
              ret = krb5_init_context(&context);
              if (ret) {
                     Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                            "unable to initialize krb5 context (%d).\n",
                            ret, 0, 0 );
                     oc_krb5KDCEntry = NULL;
                     return -1;
              }

              ret = kadm5_s_init_with_password_ctx( context,
                     KADM5_ADMIN_SERVICE,
                     NULL,
                     KADM5_ADMIN_SERVICE,
                     &conf, 0, 0, &kadm_context );
              if (ret) {
                     /* prefer the context's error string, fall back to
                      * the generic text for ret */
                     char *err_str, *err_msg = "<unknown error>";
                     err_str = krb5_get_error_string( context );
                     if (!err_str)
                            err_msg = (char *)krb5_get_err_text( context, ret );
                     Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                            "unable to initialize krb5 admin context: %s (%d).\n",
                            err_str ? err_str : err_msg, ret, 0 );
                     if (err_str)
                            krb5_free_error_string( context, err_str );
                     /* the context created above is released on this path */
                     krb5_free_context( context );
                     oc_krb5KDCEntry = NULL;
                     return -1;
              }

              /* keep the database handle for hdb_seal_keys() in the
               * password hook */
              db = _kadm5_s_get_db( kadm_context );
       }
#endif /* DO_KRB5 */

#ifdef DO_SAMBA
       if ( SMBK5PWD_DO_SAMBA( pi ) && oc_sambaSamAccount == NULL ) {
              int           i, rc;

              oc_sambaSamAccount = oc_find( "sambaSamAccount" );
              if ( !oc_sambaSamAccount ) {
                     Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                            "unable to find \"sambaSamAccount\" objectClass.\n",
                            0, 0, 0 );
                     return -1;
              }

              /* same lookup loop as for the Kerberos attributes */
              for ( i = 0; samba_ad[ i ].name != NULL; i++ ) {
                     const char    *text;

                     *(samba_ad[ i ].adp) = NULL;

                     rc = slap_str2ad( samba_ad[ i ].name, samba_ad[ i ].adp, &text );
                     if ( rc != LDAP_SUCCESS ) {
                            Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                                   "unable to find \"%s\" attributeType: %s (%d).\n",
                                   samba_ad[ i ].name, text, rc );
                            oc_sambaSamAccount = NULL;
                            return rc;
                     }
              }
       }
#endif /* DO_SAMBA */

#ifdef DO_SHADOW
       if ( SMBK5PWD_DO_SHADOW( pi ) && oc_shadowAccount == NULL ) {
              int           i, rc;

              oc_shadowAccount = oc_find( "shadowAccount" );
              if ( !oc_shadowAccount ) {
                     Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                            "unable to find \"shadowAccount\" objectClass.\n",
                            0, 0, 0 );
                     return -1;
              }

              /* same lookup loop as for the Kerberos attributes */
              for ( i = 0; shadow_ad[ i ].name != NULL; i++ ) {
                     const char    *text;

                     *(shadow_ad[ i ].adp) = NULL;

                     rc = slap_str2ad( shadow_ad[ i ].name, shadow_ad[ i ].adp, &text );
                     if ( rc != LDAP_SUCCESS ) {
                            Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
                                   "unable to find \"%s\" attributeType: %s (%d).\n",
                                   shadow_ad[ i ].name, text, rc );
                            oc_shadowAccount = NULL;
                            return rc;
                     }
              }
       }
#endif /* DO_SHADOW */

       return 0;
}



Variable Documentation

Definition at line 706 of file smbk5pwd.c.

Definition at line 715 of file smbk5pwd.c.

Initial value of smbk5pwd_cfats:
 {
       /* smbk5pwd-enable: module names to enable; dispatched to
        * smbk5pwd_cf_func with type PC_SMB_ENABLE */
       { "smbk5pwd-enable", "arg",
              2, 0, 0, ARG_MAGIC|PC_SMB_ENABLE, smbk5pwd_cf_func,
              "( OLcfgCtAt:1.1 NAME 'olcSmbK5PwdEnable' "
              "DESC 'Modules to be enabled' "
              "SYNTAX OMsDirectoryString )", NULL, NULL },
       /* smbk5pwd-must-change: single integer (ARG_INT); negative
        * values are rejected by the handler */
       { "smbk5pwd-must-change", "time",
              2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_MUST_CHANGE, smbk5pwd_cf_func,
              "( OLcfgCtAt:1.2 NAME 'olcSmbK5PwdMustChange' "
              "DESC 'Credentials validity interval' "
              "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
       /* smbk5pwd-can-change: single integer (ARG_INT); negative
        * values are rejected by the handler */
       { "smbk5pwd-can-change", "time",
              2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_CAN_CHANGE, smbk5pwd_cf_func,
              "( OLcfgCtAt:1.3 NAME 'olcSmbK5PwdCanChange' "
              "DESC 'Credentials minimum validity interval' "
              "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },

       /* end-of-table marker */
       { NULL, NULL, 0, 0, 0, ARG_IGNORED }
}

Definition at line 721 of file smbk5pwd.c.

Initial value of smbk5pwd_cfocs:
 {
       /* olcSmbK5PwdConfig: configuration object class for the overlay;
        * all three attributes are optional (MAY) and are defined in
        * smbk5pwd_cfats */
       { "( OLcfgCtOc:1.1 "
              "NAME 'olcSmbK5PwdConfig' "
              "DESC 'smbk5pwd overlay configuration' "
              "SUP olcOverlayConfig "
              "MAY ( "
                     "olcSmbK5PwdEnable "
                     "$ olcSmbK5PwdMustChange "
                     "$ olcSmbK5PwdCanChange "
              ") )", Cft_Overlay, smbk5pwd_cfats },

       /* end-of-table marker */
       { NULL, 0, NULL }
}

Definition at line 741 of file smbk5pwd.c.

Initial value:
       0

Definition at line 117 of file smbk5pwd.c.

Initial value of smbk5pwd_modules:
 {
       /* module name as written in the configuration -> SMBK5PWD_F_* flag */
       { BER_BVC( "krb5" ),        SMBK5PWD_F_KRB5      },
       { BER_BVC( "samba" ),              SMBK5PWD_F_SAMBA },
       { BER_BVC( "shadow" ),             SMBK5PWD_F_SHADOW },
       /* terminating entry: null name, mask -1 (all bits set) */
       { BER_BVNULL,               -1 }
}

Definition at line 759 of file smbk5pwd.c.