svn commit: lorikeet r44 - in trunk/heimdal/lib/hdb: .

abartlet at samba.org abartlet at samba.org
Mon Sep 6 02:45:24 GMT 2004


Author: abartlet
Date: 2004-09-06 02:45:23 +0000 (Mon, 06 Sep 2004)
New Revision: 44

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeet&path=/trunk/heimdal/lib/hdb&rev=44&nolog=1

Log:
Do a 'fully qualified' search for the principal, by first searching
for the realm, then searching the subtree for the unqualified name.

Remove the hooks for 'get' and 'put' as these are unimplemented by
the LDAP backend, so there is no need to use them in LDB.

Andrew Bartlett

Modified:
   trunk/heimdal/lib/hdb/hdb-ldb.c


Changeset:
Modified: trunk/heimdal/lib/hdb/hdb-ldb.c
===================================================================
--- trunk/heimdal/lib/hdb/hdb-ldb.c	2004-09-05 13:09:03 UTC (rev 43)
+++ trunk/heimdal/lib/hdb/hdb-ldb.c	2004-09-06 02:45:23 UTC (rev 44)
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
- * Copyright (c) 2004, Andrew Bartlett.
+ * Copyright (c) 2004, Andrew Bartlett <abartlet at samba.org>.
  * Copyright (c) 2004, Stefan Metzmacher <metze at samba.org>
  * All rights reserved.
  *
@@ -314,12 +314,24 @@
 	const char * const *princ_attrs = user_attrs;
 	char *p;
 	char *basedn = NULL;
+	char *realm;
+	char *realm_filter;
+	struct ldb_message **realm_msg;
 
+	const char *realm_attrs[] = {
+		"realm", 
+		NULL
+	};
+
 	princ = strdup(princname);
 
 	p = strchr(princ,'@');
 	if (p != NULL) {
 		p[0] = '\0';
+		realm = p+1;
+	} else {
+		ret = HDB_ERR_NOENTRY;
+		goto out;
 	}
 
 	p = strchr(princ,'/');
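Review bot: `realm_msg` is declared without an initialiser, yet the new `else` branch jumps to `out` before any search has run, and the cleanup this commit adds at `out` tests `if (realm_msg)`; that reads an indeterminate pointer and may pass it to `ldb_search_free`. Declare it as `struct ldb_message **realm_msg = NULL;` and likewise `char *realm_filter = NULL;`. The context line `princ = strdup(princname);` is also passed to `strchr` without a NULL check, so an allocation failure is dereferenced. The function starts and ends outside this hunk.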
@@ -328,6 +340,33 @@
 		princ_attrs = service_attrs;
 	}
 
+	rc = asprintf(&realm_filter,
+		"(&(objectClass=domain)(realm=%s))",
+		    realm);
+	if (rc < 0) {
+		krb5_set_error_string(context, "asprintf: out of memory");
+		ret = ENOMEM;
+		goto out;
+	}
+
+	count = ldb_search(ldb_ctx, NULL, LDB_SCOPE_SUBTREE, realm_filter, 
+			   realm_attrs, &realm_msg);
+	if (count < 1) {
+		krb5_warnx(context, "ldb_search: filter: '%s' failed", realm_filter);
+		krb5_set_error_string(context, "ldb_search: filter: '%s' failed", realm_filter);
+		ret = HDB_ERR_NOENTRY;
+		goto out;
+	} else if (count > 1) {
+		krb5_warnx(context, "ldb_search: filter: '%s' more than 1 entry", realm_filter);
+		krb5_set_error_string(context, "ldb_search: filter: '%s' more than 1 entry", realm_filter);
+		ret = HDB_ERR_NOENTRY;
+		goto out;		
+	}
+
+	basedn = realm_msg[0]->dn;
+
+	krb5_warnx(context, "LDB_lookup_principal: realm ok\n");
+
 	rc = asprintf(&filter,
 		"(&(objectClass=user)(%s=%s))",
 		    princ_attr, princ);
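Review bot: `realm` is the text after `@` in the principal name passed in and is formatted unescaped into the filter `(&(objectClass=domain)(realm=%s))`, so filter metacharacters such as `*`, `(`, `)` and `\` in it change what the search matches. Escape the value according to the LDAP filter string rules (RFC 4515) before the `asprintf`, or reject a realm containing those characters with `HDB_ERR_NOENTRY`; the same applies to `princ` in the `(%s=%s)` filter in the context lines that follow. Separately, `basedn = realm_msg[0]->dn` aliases memory owned by `realm_msg`, which the cleanup at `out` releases, so `basedn` must not be freed or used after that point; whether it is cannot be seen from this hunk.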
@@ -357,6 +396,10 @@
 
 	ret = 0;
 out:
+	if (realm_msg) {
+    		ldb_search_free(ldb_ctx, realm_msg);
+	}
+
 	if (filter) {
 		free(filter);
 	}
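Review bot: The cleanup at `out` gains a release for `realm_msg` but none for `realm_filter`, which `asprintf` allocates earlier in this commit, so each lookup appears to leak that string unless it is freed in the part of the cleanup outside this hunk. Add `free(realm_filter);` beside the `filter` release, with `realm_filter` initialised to NULL at its declaration so the early `goto out` paths stay safe. The added `ldb_search_free` line is also indented with spaces followed by tabs, unlike the tab-only lines around it.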
@@ -462,28 +505,6 @@
 	return 0;
 }
 
-static krb5_error_code LDB__get(krb5_context context, HDB *db, krb5_data key, krb5_data *reply)
-{
-	fprintf(stderr, "LDB__get not implemented\n");
-	abort();
-	return 0;
-}
-
-static krb5_error_code LDB__put(krb5_context context, HDB *db, int replace,
-				krb5_data key, krb5_data value)
-{
-	fprintf(stderr, "LDB__put not implemented\n");
-	abort();
-	return 0;
-}
-
-static krb5_error_code LDB__del(krb5_context context, HDB *db, krb5_data key)
-{
-	fprintf(stderr, "LDB__del not implemented\n");
-	abort();
-	return 0;
-}
-
 static krb5_error_code LDB_fetch(krb5_context context, HDB *db, unsigned flags,
 					hdb_entry *entry)
 {
@@ -657,10 +678,11 @@
 	(*db)->hdb_lock = LDB_lock;
 	(*db)->hdb_unlock = LDB_unlock;
 	(*db)->hdb_rename = LDB_rename;
-	/* can we ditch these? */
-	(*db)->hdb__get = LDB__get;
-	(*db)->hdb__put = LDB__put;
-	(*db)->hdb__del = LDB__del;
+	/* we don't implement these, as we are not a lockable database */
+	(*db)->hdb__get = NULL;
+	(*db)->hdb__put = NULL;
+	/* kadmin should not be used for deletes - use other tools instead */
+	(*db)->hdb__del = NULL;
 	(*db)->hdb_destroy = LDB_destroy;
 
 	return 0;
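Review bot: Setting `hdb__get`, `hdb__put` and `hdb__del` to NULL replaces a diagnostic `abort()` with a NULL function-pointer call in any caller that invokes these hooks without checking them; the callers are not visible here, so that should be confirmed before the stubs are dropped. The new comment `we are not a lockable database` also sits directly below the assignments of `hdb_lock` and `hdb_unlock`, which reads as a contradiction; `/* raw key/value access is not implemented by this backend */` would say what is meant. The enclosing function starts outside the hunk.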


