openldap
OpenLDAP
Commits
a2e299eb
Commit
a2e299eb
authored
Jan 10, 2007
by
Howard Chu
ITS#4799 remove kerberos / kbind
parent
bec25494
Changes
12
servers/slapd/Makefile.in
...
...
@@ -29,7 +29,7 @@ SRCS = main.c globals.c bconfig.c config.c daemon.c \
dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c
\
value.c ava.c bind.c unbind.c abandon.c filterentry.c
\
phonetic.c acl.c str2filter.c aclparse.c init.c user.c
\
repl.c lock.c controls.c extended.c
kerberos.c
passwd.c
\
repl.c lock.c controls.c extended.c passwd.c
\
schema.c schema_check.c schema_init.c schema_prep.c
\
schemaparse.c ad.c at.c mr.c syntax.c oc.c saslauthz.c
\
oidm.c starttls.c index.c sets.c referral.c root_dse.c
\
...
...
@@ -47,7 +47,7 @@ OBJS = main.o globals.o bconfig.o config.o daemon.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o
\
value.o ava.o bind.o unbind.o abandon.o filterentry.o
\
phonetic.o acl.o str2filter.o aclparse.o init.o user.o
\
repl.o lock.o controls.o extended.o
kerberos.o
passwd.o
\
repl.o lock.o controls.o extended.o passwd.o
\
schema.o schema_check.o schema_init.o schema_prep.o
\
schemaparse.o ad.o at.o mr.o syntax.o oc.o saslauthz.o
\
oidm.o starttls.o index.o sets.o referral.o root_dse.o
\
...
...
servers/slapd/back-bdb/bind.c
...
...
@@ -17,7 +17,6 @@
#include
"portable.h"
#include
<stdio.h>
#include
<ac/krb.h>
#include
<ac/string.h>
#include
<ac/unistd.h>
...
...
@@ -30,12 +29,6 @@ bdb_bind( Operation *op, SlapReply *rs )
Entry
*
e
;
Attribute
*
a
;
EntryInfo
*
ei
;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
char
krbname
[
MAX_K_NAME_SZ
+
1
];
AttributeDescription
*
krbattr
=
slap_schema
.
si_ad_krbName
;
struct
berval
krbval
;
AUTH_DAT
ad
;
#endif
AttributeDescription
*
password
=
slap_schema
.
si_ad_userPassword
;
...
...
@@ -144,50 +137,8 @@ dn2entry_retry:
rs
->
sr_err
=
0
;
break
;
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
case
LDAP_AUTH_KRBV41
:
if
(
krbv4_ldap_auth
(
op
->
o_bd
,
&
op
->
oq_bind
.
rb_cred
,
&
ad
)
!=
LDAP_SUCCESS
)
{
rs
->
sr_err
=
LDAP_INVALID_CREDENTIALS
,
goto
done
;
}
rs
->
sr_err
=
access_allowed
(
op
,
e
,
krbattr
,
NULL
,
ACL_AUTH
,
NULL
);
if
(
!
rs
->
sr_err
)
{
rs
->
sr_err
=
LDAP_INSUFFICIENT_ACCESS
,
goto
done
;
}
krbval
.
bv_len
=
sprintf
(
krbname
,
"%s%s%s@%s"
,
ad
.
pname
,
*
ad
.
pinst
?
"."
:
""
,
ad
.
pinst
,
ad
.
prealm
);
if
(
(
a
=
attr_find
(
e
->
e_attrs
,
krbattr
))
==
NULL
)
{
/*
* no krbname values present: check against DN
*/
if
(
strcasecmp
(
op
->
o_req_dn
.
bv_val
,
krbname
)
==
0
)
{
rs
->
sr_err
=
0
;
break
;
}
rs
->
sr_err
=
LDAP_INAPPROPRIATE_AUTH
,
goto
done
;
}
else
{
/* look for krbname match */
krbval
.
bv_val
=
krbname
;
if
(
value_find
(
a
->
a_desc
,
a
->
a_vals
,
&
krbval
)
!=
0
)
{
rs
->
sr_err
=
LDAP_INVALID_CREDENTIALS
;
goto
done
;
}
}
rs
->
sr_err
=
0
;
break
;
#endif
default:
assert
(
0
);
/* should not be
un
reachable */
assert
(
0
);
/* should not be reachable */
rs
->
sr_err
=
LDAP_STRONG_AUTH_NOT_SUPPORTED
;
rs
->
sr_text
=
"authentication method not supported"
;
}
...
...
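Review bot: The `default:` arm of the method switch (the `assert(0)` line, now followed by the corrected `/* should not be reachable */` comment) still aborts the whole daemon in assert-enabled builds if any bind method the switch does not handle reaches the backend; with the KRBV41 case gone, this arm is only safe because the frontend appears to reject every other method before calling the backend (the final `else` in bind.c's fe_op_bind), and that dependency is not stated here. I would make the comment carry it: `/* unreachable: fe_op_bind rejects every method the backend does not handle before dispatching here */`. The LDAP_STRONG_AUTH_NOT_SUPPORTED result set below the assert is what an NDEBUG build actually returns, so the comment should make clear the assert is a development-time check and the lines after it are the real error path. bdb_bind starts before this hunk.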
servers/slapd/bconfig.c
...
...
@@ -536,14 +536,6 @@ static ConfigTable config_back_cf_table[] = {
{
"sockbuf_max_incoming_auth"
,
"max"
,
2
,
2
,
0
,
ARG_BER_LEN_T
,
&
sockbuf_max_incoming_auth
,
"( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' "
"SYNTAX OMsInteger SINGLE-VALUE )"
,
NULL
,
NULL
},
{
"srvtab"
,
"file"
,
2
,
2
,
0
,
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
ARG_STRING
,
&
ldap_srvtab
,
#else
ARG_IGNORED
,
NULL
,
#endif
"( OLcfgGlAt:63 NAME 'olcSrvtab' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )"
,
NULL
,
NULL
},
{
"subordinate"
,
"[advertise]"
,
1
,
2
,
0
,
ARG_DB
|
ARG_MAGIC
,
&
config_subordinate
,
"( OLcfgDbAt:0.15 NAME 'olcSubordinate' "
"SYNTAX OMsDirectoryString SINGLE-VALUE )"
,
NULL
,
NULL
},
...
...
@@ -693,7 +685,7 @@ static ConfigOCs cf_ocs[] = {
"olcRootDSE $ "
"olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ "
"olcSecurity $ olcSizeLimit $ "
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $
olcSrvtab $
"
"olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ "
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
...
...
@@ -2272,7 +2264,6 @@ config_disallows(ConfigArgs *c) {
slap_verbmasks
disallowable_ops
[]
=
{
{
BER_BVC
(
"bind_anon"
),
SLAP_DISALLOW_BIND_ANON
},
{
BER_BVC
(
"bind_simple"
),
SLAP_DISALLOW_BIND_SIMPLE
},
{
BER_BVC
(
"bind_krb4"
),
SLAP_DISALLOW_BIND_KRBV4
},
{
BER_BVC
(
"tls_2_anon"
),
SLAP_DISALLOW_TLS_2_ANON
},
{
BER_BVC
(
"tls_authc"
),
SLAP_DISALLOW_TLS_AUTHC
},
{
BER_BVNULL
,
0
}
...
...
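Review bot: Dropping the `srvtab` table entry (first hunk) turns a directive that non-KBIND builds previously accepted as ARG_IGNORED into an unknown keyword, so any existing slapd.conf or cn=config that still carries `srvtab` will presumably now fail to load; the same applies to `disallows bind_krb4` once its entry leaves disallowable_ops in the third hunk. If that breakage is intended it belongs in the release notes and the ITS; otherwise keep a tolerant entry for one release, e.g. `{ "srvtab", "file", 2, 2, 0, ARG_IGNORED, NULL, NULL, NULL, NULL },` (assuming the table accepts a NULL attribute description, which is not visible here), with olcSrvtab removed from the olcGlobal MAY list as the second hunk already does. An existing cn=config database that already stores an olcSrvtab value would likely hit the same load failure, which is worth confirming before merging.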
servers/slapd/bind.c
...
...
@@ -86,8 +86,8 @@ do_bind(
* name DistinguishedName, -- dn
* authentication CHOICE {
* simple [0] OCTET STRING -- passwd
* krbv42ldap [1] OCTET STRING
* krbv42dsa [2] OCTET STRING
* krbv42ldap [1] OCTET STRING
-- OBSOLETE
* krbv42dsa [2] OCTET STRING
-- OBSOLETE
* SASL [3] SaslCredentials
* }
* }
...
...
@@ -340,33 +340,6 @@ fe_op_bind( Operation *op, SlapReply *rs )
goto
cleanup
;
}
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
}
else
if
(
op
->
orb_method
==
LDAP_AUTH_KRBV41
)
{
if
(
global_disallows
&
SLAP_DISALLOW_BIND_KRBV4
)
{
/* disallow krbv4 authentication */
rs
->
sr_err
=
LDAP_UNWILLING_TO_PERFORM
;
rs
->
sr_text
=
"unwilling to perform Kerberos V4 bind"
;
send_ldap_result
(
op
,
rs
);
Debug
(
LDAP_DEBUG_TRACE
,
"do_bind: v%d Kerberos V4 (step 1) bind refused
\n
"
,
op
->
o_protocol
,
0
,
0
);
goto
cleanup
;
}
BER_BVSTR
(
&
op
->
orb_tmp_mech
,
"KRBV4"
);
}
else
if
(
op
->
orb_method
==
LDAP_AUTH_KRBV42
)
{
rs
->
sr_err
=
LDAP_AUTH_METHOD_NOT_SUPPORTED
;
rs
->
sr_text
=
"Kerberos V4 (step 2) bind not supported"
;
send_ldap_result
(
op
,
rs
);
Debug
(
LDAP_DEBUG_TRACE
,
"do_bind: v%d Kerberos V4 (step 2) bind refused
\n
"
,
op
->
o_protocol
,
0
,
0
);
goto
cleanup
;
#endif
}
else
{
rs
->
sr_err
=
LDAP_AUTH_METHOD_NOT_SUPPORTED
;
rs
->
sr_text
=
"unknown authentication method"
;
...
...
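Review bot: After the KRBV4 branches are removed, a bind with method tag [1] or [2] falls into the final `else` and is answered with `rs->sr_text = "unknown authentication method"`, while the ASN.1 comment at the top of the same file now documents those tags as known but OBSOLETE; the text is misleading to whoever reads the result. `rs->sr_text = "authentication method not supported";` would match both the LDAP_AUTH_METHOD_NOT_SUPPORTED result code and the wording back-bdb/bind.c uses for the same condition. The removed branches also emitted a LDAP_DEBUG_TRACE line naming the refused method and protocol version; whether the surviving `else` logs anything is outside the hunk, and if it does not, keeping such a trace would let refused legacy binds remain visible in the server log. fe_op_bind continues past the end of this hunk.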
servers/slapd/cancel.c
...
...
@@ -18,7 +18,6 @@
#include
<stdio.h>
#include
<ac/krb.h>
#include
<ac/socket.h>
#include
<ac/string.h>
#include
<ac/unistd.h>
...
...
servers/slapd/config.c
...
...
@@ -68,7 +68,6 @@ int global_gentlehup = 0;
int
global_idletimeout
=
0
;
char
*
global_host
=
NULL
;
char
*
global_realm
=
NULL
;
char
*
ldap_srvtab
=
""
;
char
**
default_passwd_hash
=
NULL
;
struct
berval
default_search_base
=
BER_BVNULL
;
struct
berval
default_search_nbase
=
BER_BVNULL
;
...
...
servers/slapd/kerberos.c
deleted
100644 → 0
/* kerberos.c - kerberos bind routines */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in the file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
#include
"portable.h"
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
#include
<stdio.h>
#include
<ac/krb.h>
#include
<ac/socket.h>
#include
<ac/string.h>
#include
"slap.h"
#define LDAP_KRB_PRINCIPAL "ldapserver"
krbv4_ldap_auth
(
Backend
*
be
,
struct
berval
*
cred
,
AUTH_DAT
*
ad
)
{
KTEXT_ST
k
;
KTEXT
ktxt
=
&
k
;
char
instance
[
INST_SZ
];
int
err
;
Debug
(
LDAP_DEBUG_TRACE
,
"=> kerberosv4_ldap_auth
\n
"
,
0
,
0
,
0
);
if
(
cred
->
len
>
sizeof
(
ktxt
->
dat
)
)
{
return
LDAP_OTHER
;
}
AC_MEMCPY
(
ktxt
->
dat
,
cred
->
bv_val
,
cred
->
bv_len
);
ktxt
->
length
=
cred
->
bv_len
;
strcpy
(
instance
,
"*"
);
if
(
(
err
=
krb_rd_req
(
ktxt
,
LDAP_KRB_PRINCIPAL
,
instance
,
0L
,
ad
,
ldap_srvtab
))
!=
KSUCCESS
)
{
Debug
(
LDAP_DEBUG_ANY
,
"krb_rd_req failed (%s)
\n
"
,
krb_err_txt
[
err
],
0
,
0
);
return
(
LDAP_INVALID_CREDENTIALS
);
}
return
(
LDAP_SUCCESS
);
}
#endif
/* kerberos */
servers/slapd/passwd.c
...
...
@@ -18,7 +18,6 @@
#include
<stdio.h>
#include
<ac/krb.h>
#include
<ac/socket.h>
#include
<ac/string.h>
#include
<ac/unistd.h>
...
...
servers/slapd/proto-slap.h
...
...
@@ -1009,14 +1009,6 @@ LDAP_SLAPD_F (int) slap_destroy LDAP_P((void));
LDAP_SLAPD_V
(
char
*
)
slap_known_controls
[];
/*
* kerberos.c
*/
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
LDAP_SLAPD_V
(
char
*
)
ldap_srvtab
;
LDAP_SLAPD_V
(
int
)
krbv4_ldap_auth
();
#endif
/*
* ldapsync.c
*/
...
...
servers/slapd/schema_prep.c
...
...
@@ -986,18 +986,6 @@ static struct slap_schema_ad_map {
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
offsetof
(
struct
slap_internal_schema
,
si_ad_authPasswordSchemes
)
},
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
{
"krbName"
,
"( 1.3.6.1.4.1.250.1.32 "
"NAME ( 'krbName' 'kerberosName' ) "
"DESC 'Kerberos principal associated with object' "
"EQUALITY caseIgnoreIA5Match "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 "
"SINGLE-VALUE )"
,
NULL
,
0
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
offsetof
(
struct
slap_internal_schema
,
si_ad_krbName
)
},
#endif
{
"description"
,
"( 2.5.4.13 NAME 'description' "
"DESC 'RFC4519: descriptive information' "
...
...
servers/slapd/slap.h
...
...
@@ -900,9 +900,6 @@ struct slap_internal_schema {
#ifdef SLAPD_AUTHPASSWD
AttributeDescription
*
si_ad_authPassword
;
AttributeDescription
*
si_ad_authPasswordSchemes
;
#endif
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
AttributeDescription
*
si_ad_krbName
;
#endif
AttributeDescription
*
si_ad_description
;
AttributeDescription
*
si_ad_seeAlso
;
...
...
@@ -1815,7 +1812,6 @@ struct slap_backend_db {
#define SLAP_DISALLOW_BIND_ANON 0x0001U
/* no anonymous */
#define SLAP_DISALLOW_BIND_SIMPLE 0x0002U
/* simple authentication */
#define SLAP_DISALLOW_BIND_KRBV4 0x0004U
/* Kerberos V4 authentication */
#define SLAP_DISALLOW_TLS_2_ANON 0x0010U
/* StartTLS -> Anonymous */
#define SLAP_DISALLOW_TLS_AUTHC 0x0020U
/* TLS while authenticated */
...
...
servers/slapd/txn.c
...
...
@@ -18,7 +18,6 @@
#include
<stdio.h>
#include
<ac/krb.h>
#include
<ac/socket.h>
#include
<ac/string.h>
#include
<ac/unistd.h>
...
...